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Automation for your build and 
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and metrics allow you to scale 
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maintaining control over 
quality and process. 
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of configuration changes 
across environments. 
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FROM THE EDITORS 


Preparing for Windows 8 


G et ready: Windows 8 is coming. 

For enterprise software develop¬ 
ers, the new M etro interface is likely to 
be a curiosity, but one which you'll be 
facing soon enough. The impact that 
Windows 8 will have on you and your 
development team will depend on 
whether you're writing desktop soft¬ 
ware for internal consumption or for 
outside clients/customers. 

L et’s tal k about i nternal software fi rst. 
I f your organization uses Windows desk¬ 
top/notebook computers, it's very likely 
to have a heterogeneous mix Maybe 
there's some Windows 7. Some Windows 
Vista. Some Windows XP (with die-hard 
employees refusing to give up their Pen¬ 
tium mini-towers). Perhaps even a few 
Windows 2000 instances, although that's 
increasingly rare. 


Unless you work for an organization 
that will move wholesale to Windows 8, 
your relationship to the M etro user inter¬ 
face and the new operating system will 
be best described by two words: "regres¬ 
sion testing." Stay on top of the Windows 
8 hubbub, but certainly don't expend any 
significant resources to learning the new 
API sand coding models. 

If your applications are used by 
external customers, it’s a different story. 
F or competitive reasons, customers will 
expect applications running on their 
shiny new Windows 8 touch-screen 
desktops and tablets to have the M etro 
user interface. It's your job to meet 
those expectations. 

F ortunately, on first blush it should be 
relatively easy to retrofit or wrapper 
existing Windows applications to play 


nicely with M etro. I f you have a complex 
application, there does not seem to be a 
compelling benefit to re-architecting or 
rewriting your software to use WinRT. 
The exception would be applications that 
are very interactive and dependent on 
the user interface. I n any case, it's critical 
that applications be able to work with 
both touch-based M etro and traditional 
keyboard/mouse environments. 

F inally, if you are building Web appli¬ 
cations, be aware that Windows 8 will 
include two separate Internet Explorer 
experiences. Back to regression testing 
again: Customers will want to be able to 
use the M etro browser. Be sure that they 
don't feel like second-class citizens. 

Windows 8 will be upon us next year, 
further complicating our desktop 
development experience. Whether we 
like it or not, most of us will need to 
support it. So, let's get ready. I 


Stop making 

W e've been writing about software 
security flaws for 11 years, and 
when it comes to the developer’s role, 
not much has changed. But it needs to. 

You can rattle off the biggest sources 
of vulnerabilities. Say them with us: SQL 
Injection. Cross-site scripting. Insecure 
direct-object references. Weak password 
requirements. Parameter reflection. 
Unchecked buffers. Undiscovered back¬ 
doors. Subversion of access control lists. 
Improper sharing of trust relationships. 
Flaws in cryptographic implementation. 

F ailure to authenticate. The list goes on. 

While certainly there are new vec¬ 
tors for attacks, such as mobile apps or 
rich Web 2.0 applications, the basics 
haven't changed. Yet study after study, 
analyst after analyst, say that developers 
are making the same mistakes they 
made in 2000. That they made in 1990. 
And earlier. 

What will it take for software devel¬ 
opment managers to create a culture of 
code quality that includes secure pro- 


the same old 

gramming practices? We can't claim 
that managers are unaware, or that 
executives are unaware, or that pro¬ 
grammers and testers are unaware. 
These are known issues, and the proper 
security practices are also known. 

Certainly one solution is automated 
testing. There are many vendors who 
will happily sell you static analysis tools, 
and if you're not using analyzers, you 
should be, either commercial offerings 
or open-source tools. E qually, there are 
many who believe that the best way to 
enforce the use of those tools is to build 
them into the code check-in process. 
It's hard to argue with that; program¬ 
mers, like all other humans, can make 
mistakes. Automation can help ensure 
that most coding errors are caught. 

Automation isn't the only answer, at 
least not automated testing. The real 
challenge is to teach, inspire, wheedle 
and cajole programmers to make sure 
that the errors aren't introduced into 
their code in the first place. (If someone 


mistakes 

is a poor writer, you don’t improve their 
skills by adding a spell-checker, after all.) 
Testing software is a safety net, not a sub¬ 
stitute for an awareness of secure pro¬ 
gramming practices—and a culture that 
prizes getting it right in the ID E. 

One suggestion isto combine carrots 
and automation. Develop motivational 
programs to reward programmers for 
coding things right the first time. Think 
about those signs you see in industrial 
workplaces: "XX Days Without an Acci¬ 
dent." 

What if you posted signs saying "XX 
D ays Without a Coded Security Vulner¬ 
ability," reviewed every caught vulnera¬ 
bility in a staff meeting, and celebrated 
milestones? When coupled with check- 
in-based automated static analysis, pos¬ 
itive motivation may do the trick. 

We've known about these problems 
for years. We've put up with them, trust¬ 
ing static analysis tools and good fortune 
to save usfrom disaster. I f you want more 
secure software, change the culture. I 
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► J.D. says 'Check it out’ 

I love this article: "At Least Three Good Reasons for Testers to 
Learn to Program" (see it at tinyurl.com/6jxoyfq). Yes, this is the 
latest in a disturbing series of dreadfully ugly websites created 
by people whose insights into software development would lead 
you to expect better. Try to look past the atrocious design and 
appreciate the clarity of the argument. I wouldn't blame you if 
you followed up by reading other blog posts at the same site ("I Reject His Argu¬ 
ment" is a delight). 




► Five Neat Things 
at the Facebook 
Developer Conference 

Facebook's developer conference 
showed off numerous tools from the 
popular social networking site. 


Don't blame 
Android or Google 
for faulty phones 

(Re: "Google's M otorola buy could ease 
developer pain points," September 2011, 
p. 18), again, there are three current ver¬ 
sions of Windows in use: XP, Vista and 7. 
There are three current supported ver¬ 
sions of Red H at E nterprise: 4, 5 and 6. 
There are two current supported ver¬ 
sions of U buntu: LTS 8.04 and 10.04. 

The problem with Android is NOT 
that 2.1,2.2 and 2.3 are all currently sup¬ 
ported. The problem is that the handset 
makers put their own Uls on top of 
Android instead of using the ASOP ver¬ 
sion that comes with Android. The man¬ 
ufacturers make middle- and low-end 
phones that are NOT upgradeable, so 
they ship a phone with 2.1 with low 
specs that cannot handle newer versions, 
and they then abandon these phones. 

The consumer who is locked into a 2- 
year contract cannot upgrade, so they are 
stuck. It is not an Android issue, and the 
fragmentation conversation is the silliest 
thing ever because the desktop and 
servers are "fragmented" by your logic. 
The issue is that the carriers and manu¬ 
facturers create their own issues by devi¬ 
ating from the norm to lock people in. 
The carriers insist on tons of bloatware to 
lock in customers and slow these devices 
down, and then take forever to approve 
changes to the OS on the devices. My 
Thunderbolt is more then capable of 
running Gingerbread and Sense Ul 3.0, 
but HTC and the carrier (VZW) have 
dragged their [butts] in upgrading it. 

Again, not the fault of Google or 
Android. 

B. Rosenberg, 

U nited States 


What do you think? 

Letters to SD Times should include the 
writer's name, company affiliation and 
contact information. Letters become the 
property of BZ Media and may be edited. 
Send to feedback@bzmedia.com. 
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ComponentArt 
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Enables rendering of XAML-based 
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ComponentArt 

Mobile Dashboards 
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A 'different robot' helps 
personalize Internet 



Diffbot is designed to look at Web pages as humans do by identifying discrete parts of it. 


BY VICTORIA REITANO 

Organizing personal Web updates is 
becoming more and more difficult, 
based solely on the amount of times sites 
are updated on a daily basis. M ichael 
Tung, cofounder and CEO of Diffbot, 
realized this while in grad school. He 
went to Stanford with the company's 
other cofounder, Leith Abdulla, and he 
quickly learned that he would need 
some sort of system to organize his com¬ 
puter science course load. 

"I had an idea to create a tool that 
would review the class websites and 
extract new information on the site, and 
then notify me on my phone when infor¬ 
mation changed," Tung said. This robot¬ 
ics-based technology became known as 
D iffbot, which he said merely stands for 
different robot, a program that scans the 
Web for different types of information. 

Diffbot learned the Web, with the 
help of Abdulla and Tung and months of 
research. Tung said that while doing 
projects for his Artificial Intelligence 
courses, he realized that he could use 
computer-vision techniques to under¬ 
stand, analyze and extract information 
from websites, similar to the way 
humans understand websites. 

Tung said the D iffbot team spent sev¬ 
eral months researching the Web, asking 
friends and test users to submit U RLsto 
the service. As they received more and 
more types of websites, Tung said it 
became apparent that the Web as we 
know it is divided into 30 categories. 

He created learning API sthat corre¬ 
late to these categories, two of which 
have been released to the public: On- 
Demand and Follow. "There is a fixed 
amount of page types that humans can 
recognize, and they span cultures and 
languages," he said, adding that no mat¬ 
ter what language a website is, all ads, 
headers, footers and modules are ren¬ 
dered in a way that any human can 
comprehend. 

The learning API scan be accessed for 


free for up to 50,000 calls, and then on an 
on-demand model after that. The On- 
Demand API, divided into Frontpage 
and Articles, analyzes home pages, index 
pages and article pages. It can "learn" 
specific information based on headlines, 
bylines, images, text, pictures and tags. 

The F ollow API can notify a user of 
changes or updates made to any Web 
page. 

On-Demand is used with news sites 
and news applications, like the AOL 
Editions application, an iPad magazine. 
The developers who created the Edi¬ 
tions application used the search capa¬ 
bilities to direct the Diffbot APIs to 
"learn" what readers of the iPad appli¬ 
cation like to see, and then deliver it on 
a daily basis. 

Applications using the D iffbot tech¬ 
nology and APIs can also analyze text 
displayed on a Web page, understand 
keywords and allow developers to cate¬ 
gorize the content, analyze homepages, 
generate an RSS feed based on key¬ 


words, and convert Web pages into 
mobile formats. 

Tung said that developers can take 
this technology and use it to create any 
type of Web or mobile app they can 
conceive of, and end users can test it 
out by using Diffbot's beta front-end 
user interface, FeedBeater.com. Feed- 
Beater.com gives end users and devel¬ 
opers a feel for how the technology 
works, with the developer site giving 
developers more granular and direct 
access. Developer access to the APIs 
allows them to regulate these extraction 
terms through HTML, giving them a 
deeper, more direct way to extract 
information from certain websites. 

The algorithms that D iffbot uses to 
extract information learn at an excep¬ 
tional rate; Tung said they are updated 
three times per week and will continue 
learning perpetually. H e added that the 
Diffbot team is working on releasing 
the 28 other categories it identified on 
the Web as APIs in the near future. I 
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Salesforce.com turns up PaaS pressure 

But new offerings from its Heroku acquisition put it in direct competition with VMware 


BY ALEX HANDY 

Salesforce.com's acquisition of platform- 
as-a-service provider H eroku was a focal 
point of this year's Dreamforce confer¬ 
ence. At that event, H eroku opened beta 
access to J ava developers to its formerly 
Ruby-only PaaS. That same week, 
VM ware's VM world conference also took 
place, featuring the release of a beta ver¬ 
sion of the company's Java PaaS in 
CloudFoundry. The combination these 
announcements shows that both are 
heading for increased competition. 

Just over a year ago, Salesforce and 
VM ware were making joint announce¬ 
ments. Known asVM force, the two com¬ 
panies told customers that they would be 
collaborating to blend private and public 
clouds into a single entity. That project 
was killed just before the H eroku acqui¬ 
sition by Salesforce, with VM ware 
rumored to have been outbid for it. 

VMware had already announced its 
Java platform-as-a-service, Cloud- 
Foundry, but the company also 
announced its own PostgreSQL-based 
cloud database product. VM ware's 
announcements bring it up to par with 
services now offered by FI eroku, with 
the primary difference being that Sales¬ 
force offers its services in public clouds, 
while VM ware's are for private clouds. 


The FI eroku PaaS already offers 
PostgreSQL databases to Ruby devel¬ 
opers. VM ware's private cloud offering, 
known as vFabric Data Director, will 
offer on-demand database capabilities 
to enterprises using the vSphere system 
in private clouds. 

On the actual PaaS side of the coin, 
VMware has been hyping its Cloud- 
F oundry product, which seeks to sup¬ 
port popular Java frameworks in a 
deployable PaaS environment. FI eroku's 
announcement of beta support for J ava 
brings similar capabilities to its hands- 
off approach toward PaaS. VM ware is 
also hoping to spread CloudFoundry 
support to other languages. 

Byron Sebastian, general manager of 
FI eroku, said that J ava was chosen as the 
first new language supported on the pre¬ 
viously Ruby-only service due to cus¬ 
tomer demand. 

"We have close to 500,000 apps [run¬ 
ning in FI eroku and Salesforce's PaaS], 
F or each one of those, it involved them 
learning a new programming language, 
whether it was Ruby or Apex. Support¬ 
ing J ava has the potential to unleash the 
floodgates of developers who say, 'I 
want to move to the cloud, but it does¬ 
n't make sense for me to learn a new 
language. I just need a platform that's 


designed for this world. To me, it’s all 
about incredible acceleration.'" 

I n addition to the PaaS announce¬ 
ments from last month's conference, 
Marc Benioff, CEO of Salesforce, 
announced the new Database.com 
Data Residency Option. This allows 
developers building applications inside 
Salesforce to use data hosted within pri¬ 
vate data centers. 

"This lets you take data in your data 
center and include it in your Sales- 
force.com applications," said Benioff. 
"I t doesn't have to be in our data center, 
it can be in your data center. We can 
continue to provide our updates and 
changes, but if there is key data in your 
data center, and you have a policy 
against hosting the data outside or 
there's a government policy issue, now 
you have the ability to keep that data in 
your data center." 

"F orce.com is an amazingly powerful 
platform that has a huge amount of 
adoption, and it’s been amazing to get to 
know them in my new role," said Sebas¬ 
tian. "Customers range from large con¬ 
servative organizations, all the way to the 
newest and rapidly growing companies. 
The reason they're picking Force.com, 
in addition to the fact it's a great plat¬ 
form and abstracts away servers, is it 
provides a great development model for 
rapid development of data-driven appli¬ 
cations that are form and table driven." 

Al Hilwa, program director for 
application development software at 
I DC, said that the PaaS wars are all 
about developers. "From the PaaS 
wars, we are seeing from the announce¬ 
ments that there is a huge battle for the 
hearts and minds of application devel¬ 
opers," he said. 

"There is a major transformation 
taking place in application platforms, 
and everybody is fighting to paint a 
vision of what things will look like when 
all settles down. We are drifting into a 
more diverse world where there are 
many languages and platforms available 
to developers in a viable way." I 



Salesforce's Marc Benioff promoted the company's Data Residency Option. 
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OpenStack update spurs 

Companies aligned with the project are preparing 


BY ALEX HANDY 

The OpenStack project went public 
with its "Diablo" release late last 
month, even as cloud-computing com¬ 
panies brought their own commercial 
distributions of the open-source cloud 
operating system to market. 

Jonathan Bryce is chairman of the 
OpenStack project policy board, and 
D evin C arlen is a project leader; both are 
part of the companies now hoping to get 
value from the project. Bryce works at 
Rackspace, which uses OpenStack com¬ 
ponents to host its public cloud. Carlen is 
a cofounder of N ebula, a company seek¬ 
ing to productize OpenStack. 

They're joining a group of startups 
and existing software companies that 
will be bringing their own distributions 
of this open-source cloud operating sys¬ 
tem to market later this year. 

Commercializing OpenStack 

At the core of this newfound rush to 
commercialize OpenStack are the com¬ 
plaints many companies have had about 
the platform since it was created. Josh 
McKenty, founder of Piston Cloud 
Computing and one of the original 


authors of OpenStack Compute at 
NASA, said that his company made 
inroads with the government by offering 
a security layer inside of OpenStack. 

M cKenty said that many government 
organizations and enterprises have been 
looking for a way to use OpenStack, but 
current security and compliance require¬ 
ments were making that difficult. While 
he was at N ASA, working on the N ebula 
project that became OpenStack Com¬ 
pute, he said that the project's security 
could not be open-sourced. 

"At N ASA, it was the first cloud envi¬ 
ronment ever certified under FISMA 
[Federal Information Security Manage¬ 
ment Act] because of the work we put 
into making it secure. Unfortunately, we 
couldn't open-source that. The govern¬ 
ment still believes in security by obscuri¬ 
ty," said M cKenty. 

Thus Piston Cloud Computing offers 
these security enhancements on a com¬ 
mercial basis. The primary source of 
these enhancements is the new Linux 
distribution used underneath. McKenty 
said that Piston Cloud Computing creat¬ 
ed its own Linux distribution for this 
product, stripped of all non-essential ele- 



Piston Cloud Computing's Josh McKenty says 
that there's still room for collaboration and 
competition around OpenStack. 


mentsfor the running of OpenStack. 

OpenStack isn't just forming the basis 
for commercial distribution companies. 
I t's also gathering support from tradition¬ 
al enterprise software vendors looking at 
ways to support private clouds. Ser- 
viceM esh, a cloud unification and gover¬ 
nance platform company, announced in 
late September that it had begun to sup¬ 
port its platform on OpenStack. 

Dave Roberts, vice president of 


A look inside OpenStack 'Diablo' release 


The OpenStack Diablo release adds a dis¬ 
tributed cloud scheduler, a high-availabil¬ 
ity network mode, and support for a new 
authentication service known 
as OpenStack Identity Man¬ 
agement (also known as Pro¬ 
ject Keystone). It also includes 
updates for the three existing 
OpenStack core components: 

Compute (Nova), Object Stor¬ 
age (Swift), and disk image 
storage (Glance). 

Jonathan Bryce, chairman 
of the OpenStack project poli¬ 
cy board and cofounder of 
Rackspace Cloud, said that 
this was a major update. Other highlights 
include networking components, system 
scalability, and usability enhancements. 


ui anew l;cv n i v^< 
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Jonathan Bryce says 
Diablo has a polished 
user experience. 


Primary among those usability 
enhancements is the new dashboard. 
Devin Carlen, founder and vice president 
of engineering at OpenStack dis¬ 
tributor Nebula, was also a 
leader of the dashboard creation 
effort for Diablo. "Essentially, it is 
a project that allows you to go in 
and manage your virtualized 
infrastructure, manage objects 
in the object store, and manage 
block volumes and IP addresses," 
he said of the new Web-based 
administration dashboard. 

"Systems administrators can 
go in and see info about usage, 
and about the cloud deployment, as well as 
user and tenant management, and per¬ 
form basic network and security isolation. 


We've been focused on adding features 
during Diablo, and planning on really pol¬ 
ishing and focusing on the user experience 
and making sure it's a world-class guality 
of product. It integrates with Glance, Swift, 
Nova and with the newly incubated Quan¬ 
tum network-as-a-service project. It also 
includes support for the new keystone 
project for authentication." 

As incubator projects, both Quantum 
and Keystone are still being developed, 
with stable releases planned to coincide 
with next spring's Essex release of Open- 
Stack. Of Keystone, Bryce said, "We didn't 
want to go write a new replacement for 
LDAP. We wanted to fill in the gap between 
existing authentication systems and what 
you need in a cloud infrastructure. 

"There are concepts around multi¬ 
tenancy and around API calls that the ID 
management service layers on top of 
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commercial versions 


fall releases 

strategy and marketing at ServiceM esh, 
said that his company’s existing enter¬ 
prise customers were already using 
VM ware, but recently they've begun to 
prepare for OpenStack. 

"I would say VMware and Open- 
Stack are receiving the most interest," 
he said. "Everybody has VMware and 
has built virtualized environments 
based on VM ware, and it's fairly easy to 
make the transition from virtualized to 
cloud-based on VMware underpin¬ 
nings. That said, VM ware costs a rea¬ 
sonable amount of money, and we saw 
with the whole dustup over VM ware's 
pricing scheme, that is moving to the 
front of people's minds." 

McKenty agreed. "We're still in the 
early adopter phase for sure. The N o. 1 
request we got was, ‘Give us something 
secure and supported, so we can call you 
if we have problems.' They see VM ware 
as being the new M icrosoft, and they 
don’t want to be stuck paying them every 
year for the next three decades," he said. 

Governing the cloud 

McKenty said that, despite the new¬ 
found competition around OpenStack, 


existing authentication systems. You can 
build your back end with something like 
Active Directory, and rather than set up 
new credentials for everyone, you enable 
it in your OpenStack cloud." 

Quantum, said Bryce, is a network man¬ 
agement system designed to function with 
or without OpenStack. "It's a layer-two net¬ 
working management system, meant to 
control virtualized networks, but also meant 
to control network devices. It will allow you 
to control things like quality-of-service rules 
to set up network segmentation, and to take 
control of the network and use it beyond 
just some virtual networking for some com¬ 
pute nodes," he said. 

He added that Quantum can be used 
without a cloud environment, and it offers 
some powerful network management capa¬ 
bilities useful for any type of data center. I 

—Alex Handy 


there's plenty of room for companies to 
collaborate and compete. Every two 
weeks, he said, Piston Cloud Computing 
holds an OpenStack meet-up in its San 
F rancisco offices, and he said that many 
of his competitors show up for the event. 

And while this may sound like an 
insular club, McKenty said that gover¬ 
nance of the OpenStack project is not 
monopolized by any company. One of 
the concerns over 0 penStack is its lack of 
a non-profit governing body, but M cKen- 
ty said there is a reason for its absence. 

"I see this in the media a lot, but I 
haven’t heard it from the community," 
he said. "We're up to 13 or 14 people on 
the project policy board. There's Piston 
Cloud, HP, Citrix, Cisco, and a few 
Rackspace people. It's ending up in a 
quite nicely balanced discussion. We've 
made sure that in the discussions of the 
working group we have no more than 
one representative from any one com¬ 
mercial entity." 

Additionally, said M cKenty, the rea¬ 
son there is no non-profit governance 
board is because NASA, as a govern¬ 
ment organization, can’t donate to a 
non-profit. That would have made the 
creation of OpenStack impossible. 

But AI H ilwa, program director for 
applications development software at 
I DC, said that governance is still a key 
issue for OpenStack. "They have cer¬ 
tainly built out to a large consortium¬ 
like entity with many, many cooks," he 
said. "They have size, but whether they 
have agility is another thing. I think that 
their biggest challenge at this point is 
managing the hugely divergent and 
competing interests of their members." 

Bryce said that OpenStack is nearing 
the point where a non-profit may be 
necessary, however. "We had a discus¬ 
sion around this at the OpenStack 
D esign Summit in April," he said. 

"We said it's most likely going to hap¬ 
pen at some point, but when we've 
talked with a lot of the companies most 
involved in OpenStack up to this point, 
they've said it’s just too early. There has 
to be a level of commitment and involve¬ 


ment, financially and resource-wise, 
from companies to make something like 
the non-profit work. Otherwise, it's just 
another layer of bureaucracy and 
expense. I think we're heading towards 
the time when that step is going to be 
something that makes more sense." 

Holes to fill 

While OpenStack has been advancing 
quickly, it is still rife with areas that could 
use improvement. Companies and 
groups are working to build the missing 
pieces of the puzzle. Intel, for example, 
has designed an entire Web-based Open- 
Stack administration GUI, which it 
hopes to open-source later this year. 

M cKenty’s Piston Cloud, on the other 
hand, has taken on the troublesome set¬ 
up process for OpenStack. "The problem 
is that it's self-provisioning for the end 
users, but it's more complicated for the 
administrators," he said. "Piston Enter¬ 
prise Operating System is packaged in a 
USB stick. You plug it into your laptop 
and set up your whole cloud by editing a 
single config file. Then you plug it into 
your switch, and walk away." 

Other companies are building a stack 
layer above those administration tools. 
ServiceM esh, for example, instead of 
administrating OpenStack, enacts poli¬ 
cies in the ServiceM esh layer and 
spreads them across clouds, regardless of 
their underlying operating system. 

"One of the challenges with any sin¬ 
gle cloud implementation technology is 
that they all try to provide a UI, but that 
UI is typically locked to that implemen¬ 
tation technology," said Roberts. "All 
the public providers have their own 
Web-based UIs." 

McKenty said that OpenStack is 
being used and tested around the world, 
and not all of those projects are reporting 
their progress. H e lamented the fact that 
OpenStack is not "postcard-ware." 

"It's similar to the early adoption of 
Linux," he said. "The early Linux 
license required people to send Linux a 
postcard so he knew what people were 
doing with it." I 




ntwo I SD Times | October 2011 | www.sdtimes.com | _ 

R-Pindad^p6ElstD9lj0pi9SS 

ISk/vacqiisiticns and products pUtfttirecf larguageirtodearB'fcas 


BY ALEX HANDY 

In August, the previously Ruby-only 
PaaS firm, Engine Yard, acquired PH P 
PaaS company Orchestra, while Zend 
Technologies released version 5.5 of its 
Zend Server. But the repercussions of 
consolidation and innovation in the PH P 
market will still be with us into next year. 

Andi Gutmans, CEO of Zend, said 
that the real focus for Zend Server 5.5 
is deployment. He said that while 
enterprises are no longer struggling to 
use agile and PHP, they are now 
encountering problems keeping up 
with faster release cycles. 

"What you're seeing in the DevOps 
movement, you're seeing the develop¬ 
ment side has really adopted agile 
development. You see development 
teams putting out new functionality 
faster. You typically want to be on a bi¬ 
weekly release cycle, but the deploy¬ 
ment is not automated enough to foster 
that," said Gutmans. 

"Even though on the development 
side, some of the issues have been 
resolved, on the deployment side they 
haven’t." 

To that end, Zend Server 5.5 
includes deployment capabilities that 
mimicthose injava. "It'ssimilartojava, 
where you have a WAR file," said Gut¬ 
mans. "You can package up whole 
applications with configuration, and 
hand that consistent package off to pro¬ 
duction and ensure all the code is end¬ 
ing up on the production side. You can 
also enforce requirements on the con¬ 
figuration of the servers and the provi¬ 
sioning of the servers." 

Zend focused on a deploy-anywhere 
approach to cloud, with Zend Server 
offering scaling and provisioning of new 
servers. Elsewhere, however, PHP 
PaaS means public cloud. 

Engine Yard, for example, has long 
hosted its own Ruby-on-Rails PaaS in 
Amazon's E lastic Compute Cloud. So it 
makes sense that Orchestra (the PHP 
PaaS company E ngine Yard acquired in 


August) is also based on Amazon Web 
Services. 

PHP's obstacles 

M ichael Piech, vice president of prod¬ 
uct management and marketing at 
E ngine Yard, said that PHP remains an 
appealing language for enterprises, 
even though it's not as "cool" as Ruby. 
H esaid that while Ruby growth is faster 
than PHP, he added that PHP has 
already won much success around the 
world, and thus has less room to grow. 



AppFog’s Lucas Carlson says enterprise 
software companies are underserving PHP. 


According to LangPop.com, a site 
that tracks the popularity of program¬ 
ming languages, PH P is fourth, behind 
C, J ava and C ++, respectively. 

"PH P is an attractive language for a 
couple of reasons," said Piech. "By 
some measures, it's the language of 
something like three-fourths of the 
I nternet. 11 is a language that, by being 
able to offer it in our PaaS, would open 
the door to a whole new set of cus¬ 
tomers." 

Lucas Carlson, CEO of AppFog (for¬ 
merly PH P Fog), said that PaaS for PH P 
is different than for other languages. 
"[PHP] has to run differently than a lot of 
other systems. For example, some sys¬ 
tems are fully multi-tenant, so you share 
the same resources," he said. 

"In some languages, that’s totally 
fine, but because of the constraints of 


PH P and Apache—because PH P loves 
to run with Apache with htaccess— run¬ 
ning a lot of different websites on the 
same server using Apache doesn't work 
as well, so multi-tenant mode for PH P 
is not a good solution. 

"With our system, you can start out 
with a multi-tenant free account, and 
when you want to pay, we give you a 
dedicated machine just for your code. 
Having that seamless transition from 
multi-tenant to single tenant is some¬ 
thing our customers love." 

AppF og, too, uses AWS as the basis 
for its services, though Carlson said his 
team is working to add VM ware's Cloud 
F oundry to its platform and to support 
additional languages through that PaaS 
service. 

Zend too has an AWS offering. The 
company recently reached an agree¬ 
ment with RightScale to offer scalable 
PHP hosting services in Amazon's 
cloud. "We're really seeing demand for 
deployment in a cloud environment," 
said Gutmans. 

That is, perhaps, because PH P is an 
underserved language in enterprise 
software, said Carlson. "I've been a Web 
developer for well over a decade now, 
and [AppFog] really came out of the gap 
I saw between getting Web developers 
into the cloud and getting them the val¬ 
ue they really look for," he said. 

"A lot of people think of the cloud 
for Web as something scalable, reliable 
and easy to use, and that’s not what you 
get when you sign up for a lot of infra- 
structure-as-a-service. So I really start¬ 
ed AppF og as the answer to that ques¬ 
tion for the PH P community. I think it's 
one of the most underserved communi¬ 
ties in the cloud. 11 has the fewest tools 
and the fewest number of companies 
trying to serve those needs." 

Though there are few companies in 
the PHP PaaS game, after a frenzied 
August, it's certain there will now be 
more competition to be the cloud's 
answer to PH P. I 




% Seapine Software" 

Live Quality 


Software quality is in our DNA. For over 15 
years, we've lived and breathed it. The reason 
is simple: Your software affects our friends, our 
families, and ourselves. 

Whether it's the latest video game or a secure 
banking web site or the software that analyzes 
medical test results, we want it to work right 
because we rely on it. 

From our expert Consulting and Agile Services 
teams, to our award-winning application 
lifecycle management (ALM) solutions, to our 
world-class customer support, Seapine has 
helped thousands of companies worldwide 
build, test, and deploy quality software. 

Go with Seapine, and get serious about 
software quality. 


www.seapine.com 






jQueiY 



5 

MEET THE NEW WEB STACK 


From WebForms to MVC 

Our new web stack is the ultimate kit for web development. 
We have tools that range from WebForms to MVC and from 
pure client-side to robust server-side development all 
powered by our core technology: Wijmo. 



ComponernOne' ComponeriiOiW 

Studio** mvc wijmo 5tudiOforASP.NET wijmo 



Wijmo Scaffolding in MVC 
plus Client-side jQuery Ul Widgets 



Full-featured ASP.NET Server-side Controls 
pfos ASP.NET Ajax Extender Controls 


DOWNLOAD YOUR FREE TRIALS <3 

componentone. com/we bstack 


ComponentOne' 


D nil^iv iiiib^vILC. i«fJii uwtaMil.in wahm 

























www.sdtimes.com i October 2011 i SD Times 


NEWS , 25 


i 


Adobe updates 
Flash, AIR runtimes 

Company sees future for technologies in 
gaming, media and data-driven apps 

BY DAVID RUBINSTEIN 

Despite the rise of HTML5, Adobe is continuing to build out 
its Flash and AIR runtimes. The company in September 
announced updates to the runtimes, with equivalent updates 
to the Flex development framework and Flash Builder. 

Among the new features in Flash Player 11 and AIR 3 are 
support for 2D and 3D graphics via full hardware-accelerat¬ 
ed rendering, as well as support for native extensions that 
enable developers to leverage software and hardware capabil¬ 
ities such as data and file access, vibration control, and light 
sensors, among others. So, developers writing apps in Flash 
Builder can pull in native APIs as needed to take advantage 
of specific hardware capabilities. 

Prior to this, developers could not port their applications 
from one hardware device to another without migrating the 
underlying libraries, according to Anup Muraka, director of 
Flash product marketing. 

Further, a new captive runtime feature gives developers the 
ability to automatically package AIR 3 runtimes in the applica¬ 
tions to ease installation on Android, Mac OS and Windows 
systems, as well as iOS, the company said. This eliminates the 
need for users to download and maintain the runtime. 

Flash, according to Muraka, is “on track to be in 130 
smartphones, including the iPhone, and supported by 85 
tablets.” He said estimates show that Flash will be in more 
than one billion devices by the end of 2015, and that desktop 
penetration is still around 98%. And, he added that Flash 
update installations are accelerating. 

“We are not backing off Flash or AIR in any way,” Muraka 
said. “The key metrics for Flash still are growing really well.” 

He did acknowledge that the Web has changed, and has 
grown—via HTML5—to take on capabilities that only were 
available in Flash. “But in certain areas, such as 3D graphics, 
it will take time for them to be consistently available.” 

Muraka pointed to the inability of the industry to agree 
upon a codec for videos to be included in HTML5, meaning 
developers building content have to decide which one to sup¬ 
port, or whether to embed video in their HTML5 application 
at all. 

“At some point, there will be common ground, but we see 
three areas as drivers for growth: gaming, video or media 
apps, and data-driven apps,” he said. 

The releases are due to be publicly available in October; 
the Flash Builder and Flex updates are expected before the 
end of the year. I 
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Fledgling Linux-based device platform falls out of favor 



BY ALEX HANDY 

Intel appears to have all but given upon 
M eeGo. Though the company has not 
officially announced it's ending devel¬ 
opment for the Linux-based tablet and 
PC platform, sources inside the compa¬ 
ny and the MeeGo project have con¬ 
firmed that I ntel has no plans to contin¬ 
ue funding M eeGo events and classes. 

The move is another big blow to the 
MeeGo project, following the Nokia 
announcement earlier this year that the 
phone manufacturer would support the 
Windows Phone platform on its 
devices. In September, Intel CEO Paul 
Otellini took the stage at his company's 
developer conference and did not men¬ 
tion MeeGo at all. Last year, his 
keynote included a great deal about 
MeeGo and outlined Intel's plans for 
the platform. 

This year, the tablet news from I ntel 
was about Android. Google 
teamed up with Intel to 
announce optimizations for 
Android on I ntel chip sets. Andy Rubin, 
senior vice president of mobile at 
Google, said, "Combining Android with 
Intel’s low-power smartphone road map 
opens up more opportunity for innova¬ 
tion and choice. This collaboration will 
drive the Android ecosystem forward." 

Otellini was bullish on Android in his 
keynote speech. "By optimizing the 
Android platform for Intel architecture, 
we bring a powerful new capability to 
market that will accelerate more indus¬ 
try adoption and choice, and bring excit¬ 
ing new products to market that harness 
the combined potential of I ntel technol¬ 
ogy and the Android platform. Together, 
we are accelerating Intel architecture 
and bringing new levels of innovation to 
a maturing Android platform." 

Long road to failure 

Those statements mark quite a change 
from 2009, when I ntel and N okia began 
pouring over US$100 million into 
events, hardware giveaways and global 
developer meet-ups for the MeeGo 


platform. One such event in Europe 
saw I ntel and N okia renting out a stadi¬ 
um and a brewery for attendee parties, 
with free M eeGo devices all around. 

Though Nokia bowed out on 
MeeGo, it will bring one 
MeeGo device to market in 
October: the N9. The device 
has been receiving excellent reviews, 
even before its release, but even if it 
succeeds, Nokia has no plans to intro¬ 
duce follow-up devices, say sources 
close to the company. 

For its part, Intel public relations 
issued a terse, one-sentence statement 
to SD Times, saying, "We're committed 
to M eeGo and continue to work with the 
community to develop and help meet 
the needs of customers and end users 
with open source." But I ntel’s actions at 
its D eveloper F orum spoke louder than 
the words in the brief statement. 

This year’s Intel developer confer¬ 
ence stretched over three stories of the 
M oscone West convention center. The 
first floor played host to registration 
and the expo hall, while second and 
third floors were for talks and technol¬ 
ogy demonstration kiosks. Within those 
kiosks, I ntel showed hot new laptops, 
home entertainment systems, high-end 
gaming PCs and all manner of devices 
powered by their chips. And yet, 
among all of their cutting-edge tech¬ 


nology, the only tablet on display was 
running Windows. 

On the expo floor, MeeGo held no 
sway, either. Under the Intel banner, 
only two devices were running M eeGo, 
and both were netbooks. All of Intel's 
beta tablet hardware, which it was so 
fond of giving away to developers, were 
running Android or Windows on the 
show floor. The only M eeGo tablets on 
display were in third-party booths as 
demonstration platforms for software. 

Additionally, the conference itself, 
which offers more than 200 talks and 
sessions for developers, included only 
two MeeGo sessions, both of which 
combined for less than two hours of 
talk time. During the MeeGo deep¬ 
dive technical talk, the focus was on 
writing HTM L5 applications, and then 
wrapping them for sale in Intel's 
AppUp application store. No time was 
given to the actual M eeGo OS, or the 
specifics of its development. The clear 
message, said one attendee, was that 
you shouldn't build for MeeGo; you 
should build for the Web. 

During this same MeeGo deep-dive 
talk, I ntel employees repeatedly claimed 
that Intel was still supporting the plat¬ 
form, and that such support would not be 
going away in the future. Flowever, the 
same talk also demonstrated methods for 

continued on page 28 ► 
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Intel appears to 

◄ continued from page 26 

building cross-platform HTM L 5 applica¬ 
tions, and then deploying them to Win¬ 
dows, M eeGo or another Linux distribu¬ 
tion instead of focusing on simply 
building native M eeGo applications. 

Meanwhile, Intel, which had been a 
strong backer of the platform, appears to 
have pulled way back on its support for 
MeeGo events. After Intel footed the 
bill for a large M eeG o developer confer¬ 
ence in San F rancisco's posh H yatt hotel 
near the downtown Ferry Building in 
M ay, it has decided not to sponsor a 
MeeGo summit in Malta, and global 
meetups have begun to scale back as 
well. The popular Portland meetup, 
headed by an I ntel employee, has gone 
MIA after skipping July. Future meet¬ 
ings of this group appear to be ad hoc 
now instead of on a regular schedule. 

Dawn Foster, the Intel employee 
responsible for the Portland meetups, 
replied to an SD Times inquiry with an 
e-mail stating, "I checked with our PR 


let go of MeeGo 

people, and it looks like we aren't really 
doing interviews for M eeGo right now." 

MeeGo keeps going 

The apparent end of Intel's support of 
M eeGo is not the end of the road for 
the platform. The development com¬ 
munity around MeeGo continues to 
release patches and updates. But the 
egress of I ntel from the platform is only 
one of its many problems. 

For months now, the M eeGo devel¬ 
opment team has been fighting with the 
Linux Foundation over control of the 
MeeGo.com domain name. The 
MeeGo development community has 
been pushing a new service, 
apps.MeeGo.com, and has run into 
conflict with the Linux Foundation 
over restrictions it has placed on the 
usage of that sub-domain. The M eeGo 
team even went as far as registering its 
own domain name, ForMeeGo.com, 
and set up apps.ForMeeGo.com as a 
workaround. 


In a statement to SD Times, a 
spokesperson for the L inux F oundation 
said, "There hasn't been any update 
since early August. We are supportive 
of the M eeGo Apps community and are 
working with them." 

On the M eeGo side of that dispute, 
David Greaves, an open-source devel¬ 
oper and contributor to the MeeGo 
project, laid out the situation on the 
MeeGo developer's mailing list. "The 
Linux Foundation have told us in pri¬ 
vate conversations that they will not 
permit apps.MeeGo.com to be served 
from the MeeGo.com infrastructure 
hosted by them. They do not have the 
resources at this time to provide a state¬ 
ment giving their reasons. We cannot 
assess what other services may be 
impacted in the future," he said. 

But M eeGo, as a project, is sure to 
carry on. The developers on the project 
have continued to submit patches and 
push the platform forward with 
updates. Though it has now lost its two 
biggest corporate sponsors, M eeGo still 
has a loyal following of dedicated devel¬ 
opers. I 
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Component suppliers react to Windows 8 

New products are being designed for the Metro user interface 


BY DAVID RUBINSTEIN 

Relax, Windows developers. While 
Microsoft unveiled Windows 8 with 
Metro at last month's BUILD confer¬ 
ence, many of the company's partners 
are getting the word out that the new 
release won’t break everything, and that 
their familiar Ul tools will still work 
with the new platform. They also 
reminded developers that Windows 8 is 
the future, but work still needs to get 
done today on proven, stable, existing 
platforms. 

Telerik vice president Doug Seven 
blogged that you won't have to throw 
away your WPF and Silverlight applica¬ 
tions, because "the world didn't end for 


you" at BUILD. He went on to point 
out that Windows 8 has two sides— 
Metro and desktop mode—and that 
they do not play well together. H e said 
that there are some applications that 
should never be styled for M etro, and 
others that should be styled only for 
M etro. 

To address that, Seven indicated 
that Telerik will be releasing "in the 
future" a Ul toolkit with desktop 
mode controls, and a toolkit with 
Metro-style controls. In some cases, 
he wrote, these will be the same or 
similar. 

ComponentOne has demonstrated 
that its Wijmo Charts can be rendered 


in a Metro-styled application, and it 
noted with excitement the existence of 
a JavaScript category in its Visual Stu¬ 
dio Project Templates. Wijmo is Com- 
ponentOne'sJavaScript Ul library, and 
the demo can be seen on the company's 
website. 

With the introduction of Metro 
styling in Windows 8, DevExpress ran 
a contest to rename its WinF orms skin. 
Its favorites? Metropolis, Chromeless 
and Clarity. The winner gets a copy of 
Visual Studio 2011 Ultimate. The 
Metro-themed skin, along with touch 
support, will be available in DXperi- 
ence v 2011 vol 2, according to D evE x- 
press'Julian Bucknall. I 
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A new Tab control has been written natively for WPF. 


BY DAVID RUBINSTEIN 

Binarymission last month released 
BinarySmartNavigator.NET as part of 
an update to its UIControlSuite.NET 
V18 suite of Microsoft .NET-based 
components for WinF orms, Windows 
Presentation Foundation, Silverlight 
and Windows Phone 7. 

BinarySmartNavigator.NET pro¬ 
vides a more modern way to present 
scrollable content in .NET applications. 
According to the company, the package 
includes a modern ListBox control that 
enables users to scroll across items and 
pages, rather than displaying data in tab 
pages or traditional listboxes. 

BinarySmartNavigator.NET also 
uses buttons and circles to indicate 
the next items to scroll to or select. 
Also new is a WPF Tab control; both 
new controls have been written 
natively for the WPF framework, the 
company said. 

Among other enhancements in 
U IControlSuite.N ET V18 are new sup¬ 


port for Office 2010-style Backstage 
views in the WPF Ribbon control, five 
new transition effects in the Slideshow 
control, and new support for zooming 
and panning from out of the box in the 
Flowchart/Organization chart. The lat¬ 


ter chart now also supports an out-of- 
the-box printing facility. 

UIControlSuite.NET V18 costs 
US$2,000 per developer; evaluation 
versions are available for download on 
the binarymission.co.uk website. I 
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Driving higher value from 



BY LISA MORGAN 


■■"■development managers looking 
■■to improve processes may nev- 
■■„■■" ertheless struggle with some of 
the fundamental things, like builds. 
Although build automation is common, 
optimizing builds and related processes 
involves more than that, technologically 
and organizationally. 

Build management and continuous 
integration have builds in common, 
which is why solution providers say the 
two are sometimes confused. In a build 
management context, a build is an end in 
itself. The goal is to create a solid, 
repeatable build that will be deployed to 
environments other than development. 

In a continuous integration context, 
builds help determine whether one 
developer's code changes will negative- 



ly impact the code changes of 
other developers. It is a means 
to an end, rather than an end 
itself, since the goal of continu- 
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ous 

id fe 

integration is to provide rap- 
:edback to the team. 
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“Build management is about control 
and knowing what went into a build. 
That way, if you get audited, you can 
prove what you say,” said E ric M inick, 
lead consultant at UrbanCode. "Con¬ 
tinuous integration allows you to deliv¬ 
er software faster with fewer defects. I n 
both cases, you're getting source code 
out, but with continuous integration 
you're not holding onto the things you 
build, unlike build management." 

Jez Humble, a principal consultant 
atThoughtWorks, considers build man¬ 
agement "strongly linked" to continu¬ 
ous integration because continuous 
integration moves builds along. Despite 
the throwaway character of continuous 
integration builds, he and others 
believe continuous integration should 
be managed with the same rigor as 
build management. 

Tracy Ragan, COO of OpenMake, 
said part of the confusion between build 
management and continuous integration 
has to do with the definition of a build. 
Today, people are thinking more about 
workflow than about compiling. 

"Historically, builds involved a 
process of assembling binaries or a make 
process in C or COBOL using a GNU 
M akefile," said Ragan. 'Today, it's not 
uncommon to jump to a higher order 


rather than thinking about compiling." 

Developers look to software-config¬ 
uration management (SC M ) tools to do 
checkout, then find someone to execute 
an Ant file and do the testing, but 
they're not thinking about compiling, 
she said. I nstead, developers should be 
working as a team to check in source 
code and automate compiles because 
the build will break. "It has to do with 
assembling and linking," she said. 

While developers want to execute 
builds more frequently, they may be 
prevented from doing so if they're 
using non-dynamic scripts. 

"Continuous integration is a fancy 
[name] for automated check-out, call¬ 
ing an Ant script and, if you're success¬ 
ful, calling a testing tool," said Ragan. 
"You're using the same build script as 
before—Ant or M ake—but it’s still 
the same script. You need some- 
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thing more dynamic." 

I t's also important to ensure that the 
source code checked into a repository 
can compile. Apparently, some enter¬ 
prise teams are executing builds in 
M icrosoft Team Foundation Server or 
Subversion, but they're checking in 
code without knowing whether or not it 
will compile. 

"We take builds first," said Ragan. 
"We know versions of components, 
then make sure the build and the repos¬ 
itory are in sync. Otherwise, you'll end 
up with different versions of compo¬ 
nents that break at runtime." 

Why separate builds? 

Electric Cloud considers continuous 
integration to be a subset of build man¬ 
agement, since the problems are similar 
and continuous data is important to 
both of them. After all, many develop¬ 


ment managers consider it a best prac¬ 
tice to require developers to integrate 
their code at least once a day, followed 
by a nightly build. 

"We encourage customers to view 
continuous integration and build man¬ 
agement in the same way. Why do 
builds differently?" said Anders Wall- 
gren, CTO of Electric Cloud. "[Grant¬ 
ed,] some tests I would run in build 
management I may not [run] in contin¬ 
uous integration," he said, but added 
that the processes should not be radi¬ 
cally different. 

Others are also questioning why 
there should be two separate builds 
even though the artifacts created by a 
continuous integration build are 
assumed to be disposable, while the 
builds created by a build management 
system are not. 

UrbanCode's Minick said that since 
continuous integration has moved 
beyond builds and unit tests to include 
functional tests and 


deployment to testing environments, it is 
now necessary to hold onto the files so 
they can be pushed elsewhere. Thought- 
Works' H umble agreed, saying binaries 
should be built once rather than rebuilt. 
E lectric C loud encourages its customers 
to think of builds, testing, and deploy¬ 
ment as three separate problems. 

"It's impossible for developers to 
compile one way and then for produc¬ 
tion to compile another way. Compiling 
and linking is the process of creating 
binaries," said Ragan. "Production 
should be able to repeat the same 
build as developers. The operations 
person must be able to recompile 
source code, [which] needs to be 
consistent between developers and 
operations." 

From an application life-cycle 
management standpoint, it is impor¬ 
tant that the binaries in production 
match source code to withstand a 
build audit. 

"Continuous integration 
services execute Ant or M ake 
scripts and have knowledge about 
source code, but they don't tell any¬ 
one," said Ragan. "Repeatability 

continued on page 34 ► 
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is a huge factor. You need to build fast 
and consistently and have a report that 
shows you what has been done." 

Continuous integration is expanding 

Some solution providers are stressing 
workflows, because in addition to builds, 
the continuous integration capabilities of 
their products include unit tests (at a 
minimum), other types of tests, and, 
increasingly, deployment to test environ¬ 
ments. Because time is always of the 
essence, there is a push to dissolve tradi¬ 
tional role-based barriers that lower soft¬ 
ware quality and impede release velocity. 

"I t's important to make sure you have 
control from check-in to release because 
you need traceability of what’s being 
released," said ThoughtWorks' 

H umble. 

Continuous integration began 
with builds and unit testing, 
although some solution providers 
have also added continuous deploy¬ 
ment capabilities. Although the 
exact terminology and philosophy 
may differ from solution provider 
to solution provider, the words 
"build, test and deploy" are com¬ 
monly used. 

"If you’re a production organization, 
you have to think of all three things; if 
you're not, you're missing something,” 
said Electric Cloud's Wallgren. 

Build-test-deploy automation on an 
end-to-end scale is meant to enable 
new levels of efficiency that were previ¬ 
ously difficult, if not impossible, to 
achieve by automating only builds or 
only builds and tests. 

"Because companies are building 
projects frequently and moving them to 
QA, they are deploying on a more fre¬ 
quent basis," said Jason van Zyl, CTO of 
Sonatype, which makes commercial 
versions of open-source build and con¬ 
tinuous integration tools. "The more 
you can automate, the better. 
The addition of continuous 
deployment is also fixing test¬ 
ing because you don't have to 


set up instances. Otherwise, it's hard for 
testers to get hold of a running instance 
to test against." 

U rbanCode had been providing con¬ 
tinuous deployment capabilities in 
AnthillPro, but the company recently 
announced it was bifurcating the con¬ 
tinuous integration and continuous 
deployment capabilities into two sepa¬ 
rate products: UrbanBuild and Urban- 
Deploy, respectively. The products are 
part of UrbanCode's new DevOps Plat¬ 
form, to which other products will be 
added later this year. 

"Some people wonder why, if they 
have H udson, they would need a com¬ 
mercial continuous-integration prod¬ 
uct," said UrbanCode's M inick. "The 



‘[For Cl to work], you need 
to build fast and 
consistently and have a 
report that shows you 
what has been done.' 

— Tracy Ragan, OpenMake 




developers, so it's developer-centric,” 
said Wallgren. "In the beginning, con¬ 
tinuous integration may work for every¬ 
one—or no one—depending on how it's 
being implemented. It's easy to miss 
out on early integration, QA and the 
flows you eventually go through." 

The addition of continuous deploy¬ 
ment is forcing organizational changes 
because it requires collaboration among 
development, testing and operations. 
According to ThoughtWorks' H umble, 
continuous deployment sometimes 
scares people because it forces develop¬ 
ers and operations to work together. 

"Continuous deployment requires 
collaboration among development, test¬ 
ing and operations," he said. "While it’s 
common to have sepa¬ 
rate testing and separate 
operations, if you really 
want to deliver high- 
quality software quickly, 
you have to automate 
more than just builds. 
You have to automate 
testing and deployment." 


answer is it addresses a larger vision of 
continuous integration beyond builds, 
provides enterprise-level scalability and 
security, and is designed to handle real¬ 
ly hard problems." 

E lectric Cloud's Wallgren said that it 
is not uncommon to see "huge percent¬ 
ages" of CruiseControl, Hudson and 
Jenkins, even in organizations that have 
commercial build and SCM teams. 

A recent survey of 1,600 developers, 
sponsored by Oracle and Sonatype, 
revealed that 75% are using or have 
experimented with Hudson. Eighty- 
three percent have open-source tools 
such as E clipse, H udson, M aven, M aven 
Central and Nexus in their environ¬ 
ments, but the lack of tool integration 
and governance remain a challenge. 
Sonatype's enhanced and supported ver¬ 
sions of M aven (build management) and 
Hudson (continuous integration) 
address those and other issues. 

"Continuous integration has 
been set up by developers for 


Myopia limits value 

Viewing continuous 
integration in an overly 
narrow context can limit the value real¬ 
ized from tools and practices. 

"A lot of people think continuous 
integration starts and stops with builds. 
If they believe that, they're not getting 
bang for their buck," said Electric 
Cloud's Wallgren. "You need continu¬ 
ous builds, integration and testing." 

H umble also thinks limited thinking 
leads to limited value. However, in his 
view, "limited thinking" means thinking 
of continuous integration as a tool 
rather than a practice. 

"One big mistake people make is they 
install a tool thinking that continuous 
integration is just going to happen. That's 
just not true," H umble said. "Continuous 
integration is a developer practice of 
checking into a trunk or main line at least 
once a day and preferably more often." 

Having a tool-centric mindset can 
lead to other problems, not the least of 
which is discovering later that the tool 
is substandard, overly sophisticated, or 

continued on page 36 ► 
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simply not the right tool for the team or 
enterprise. To avoid buyer's remorse, 
think first. 

"Set a goal to improve quality or 
reduce cycle time and make sure it's 
measurable/’ said Humble. "Do a 
proof-of-concept and choose the right 
pilot team, because it's a bad idea to 
choose a pilot project that is something 
unimportant. You're better off choosing 
something strategic, realizing it will 
take more time to implement." 

Although continuous integration 
systems necessarily support unit tests, 
some have expanded to include func¬ 
tional tests, performance tests, inte¬ 
gration tests, security scans and more. 

'The only way teams are going to be 
successful is if they're doing test-driven 
development," said H umble. "You need 
to make sure test coverage includes 
those things most likely to change and 
that your tests are protecting the highest 
value part of the system. If you want to 
do test-driven development, you have to 
do unit tests and performance tests." 

Just make sure the right things are 
being tested. One organization out¬ 
sourced its test case implementation 
with the goal of achieving 80% test cov¬ 
erage. The test coverage went up, but 
because the tests were calling methods 
but not validating them, the outcome 
was useless. 

"Continuous testing is an important 
part of continuous integration," said 
Electric Cloud's Wallgren. "Although 
compiling and smoke testing are good, 
you have to bring other tests into the 
pipeline like systems tests, performance 
tests and uptime testing." 

Are preflight builds important? 

Solution providers are divided about 
the value of preflight builds. Those in 
favor say preflight builds can reduce 
the number of broken builds; those not 
in favor say they may be a waste of time. 

Part of the debate stems from the fact 
that preflight builds are often executed 
on developer machines that may bear lit¬ 
tle or no resemblance to other environ¬ 
ments. Also, the source code may 
have changed as a result of other 
developer integrations. One solu¬ 


dtSearch* 


tion is to execute preflight builds on a 
centralized system, although some say 
developers will nevertheless continue to 
run builds on their own machines. Cen¬ 
tralization may also imply that the organ¬ 
ization does not trust developers. 

"P ref I i ght bu i I ds are advantageous to 
enterprise environments because you 
want to know early in the life cycle 
what's failing," said Wallgren. "It 
becomes a diagnostic tool." 

UrbanCode's Minick considered 
preflight builds beneficial to only a 
minority of users because instead of 
committing work into the same stream 
as everyone else, developers are doing 
side builds that are not shared. 

"[Preflight builds] kind of run count¬ 
er to continuous integration," he said. 
“They are awesome for a few, but 
counter-productive for the majority." 

Becoming more sophisticated 

M ost shops are automating builds using 
scripts, sophisticated systems, or some¬ 
thing in between. As the needs of the 
organization mature, so does the choice 
and use of tools. 

"You may start by using Ant, M ake or 
MSBuildtoruna regular cron test [a test 
that measure's a program’s ability to 
schedule tasks],'' said M inick. "You need 
to get source code out, and your script 
may [send notification] e-mails or not. 

"As time goes on, you add other 
things that are increasingly difficult to 
build until you have a homegrown sys¬ 
tem that's been built organically based 
on a need. The problem is, you're com¬ 
peting with Hudson and solutions like 
ours [that reflect user feedback]. You 
only have you." 

Another problem is that scripts can 
become outdated, but developers nev¬ 
ertheless continue to add to them. 
Without refactoring, complexity and a 
lack of reliability can become issues. 

"It goes back to infrastructure," said 
Humble. "It's all code. Scripts need 
refactoring." 

Complexity can also become a prob¬ 
lem if a system is built in-house because 
there are usually multiple products run¬ 
ning multiple builds, and virtual 
machine flexibility has not been con- 

continued on page 38 ► 
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◄ continued from page 36 

templated. One person writes scripts, 
someone else adds more scripts, but 
there is no real architecture, no securi¬ 
ty, and no fault tolerance. 

"At any point in time you need a solu¬ 
tion that’s custom-tailored to what you're 
doing today,” said Wallgren. 'The prob¬ 
lem with multiples is that you have mul¬ 
tiple teams and platforms compounding 
builds, which gets fragile." 

Having a mix of automation and 
helper scripts in place may be acceptable 
at first, but enterprises tend to require 
reliable and predictable build systems. 
The adoption of those systems should 
contemplate the needs of 
multiple roles, not just 
developers or build mas¬ 
ters, given the expanding 
scope of automation. 

"When you bring in a 
build system you [should 
involve] developers, pro¬ 
duction and operations, 
so they can all agree on an 
automation strategy and 
jointly create a fast, accu¬ 
rate process," said 
M inick. "You're also going to want to 
consider the data center because devel¬ 
opers won't tolerate time delays." 

Group strategy is a sophisticated 
concept, however. For one thing, the 
engineers assigned to a particular task 
are used to thinking about tools from 
the standpoint of their own use, not the 
effect the tools might have on other 
roles or the software organization at 
large. Those whose job it is to get soft¬ 
ware into production necessarily care 
about stability, the quality of the build, 
and the deployment system. When the 
build-test-deploy phases are tied 
together, developers have to care too. 

The need for cross-functional collab¬ 
oration stems from the challenges enter¬ 
prises have been facing. When one role 
optimizes a process, it creates pressure 
on downstream functions. For example, 
automated builds can affect testing, and 

- 1 continuous integration can impact 

deployment. The 
resulting bottle- 

-* necks tend to be 

solved based on the 



level of pain they are causing, but the ad 
hoc fixes may not prove to be the best 
choices in the long run. 

"If you're solving one problem at a 
time, it can blow up in your face," said 
Wallgren. "If you use an agile model as 
a way of thinking to process changes, 
you’ll start with a hypothesis, test it, and 
match the outcome with the hypothesis 
so you can know quickly whether you're 
[focusing on] the right thing." 

Meanwhile, there is an increasing 
focus on parallel builds and parallel 
testing, which can result in infrastruc¬ 
ture-related issues. For builds, the 
source-code dependencies must be 


understood, and the compilers and 
linkers must be able to be called in a 
multi-threaded mode. Parallel tests are 
executed on multiple machines, which 
assumes availability. 

"If I'm orchestrating systems that 
require resource acquisition, I can 
reroute machines using virtual 
machines, but practically speaking, I 
may find the process is too complex," 
said Wallgren. "If I'm a smaller compa¬ 
ny, I 'll stay manual; if I'm a large organi¬ 
zation, I'll throw bodies at the problem 
and build an infrastructure that enables 
me to execute a build on multiple 
machines. Three to four years ago, you 
had to do all that yourself." 

Because build utilities, tools and sys¬ 
tems tend to be adopted as needed, 
over the long term, enterprises may 
face challenges as the needs of teams 
and the needs of the enterprise need to 
be balanced. Some solutions may work 
against Subversion while others may 
not. One team may be developing in 
Java while another is developing in 
.NET, yet both need to be supported. 


"Differences in tools, workflow 
engines, user interfaces and security are 
very real challenges," said M inick. 
"What happens when something breaks? 
Who’s responsible for maintaining the 
hardware? Who's responsible for the 
SLA? When you’re thinking in enter¬ 
prise terms, all of that matters." 

Operations may provide hardware 
that includes solid, consistent configu¬ 
ration management. The hardware may 
be managed by operations, while the 
continuous integration systems are 
managed by individual teams. 

"E nterprises need to be able to take 
components and blend them into a con¬ 
tinuous integration system that 
can handle them," said H umble. 
"If the system is designed in such a 
way that I can manage my envi¬ 
ronment centrally, but create 
groups and give administration 
rights to teams, then I'm in a bet¬ 
ter position to support the way 
people work. In the meantime, the 
standardization saves costs and 
ensures consistency." 

To increase ROI, use tools wisely 

Even when enterprise-grade continuous 
integration solutions are in place, their 
value depends on their use. 'The num¬ 
ber one mistake made is failing to pay 
attention to what the system is telling 
you," said Wallgren. "You need to break 
the cycle of brokenness by making it 
socially unacceptable [to ignore system 
feedback]. Sloppy check-in practices can 
cost everyone else who is syncing. 
Because the cost of sloppiness is so 
great, root-cause analysis is important." 

For example, if cascading build prob¬ 
lems become obvious, that suggests that 
the code should be modularized, he said. 
That, in turn, gets developers thinking 
about how to better manage code. 

H umble stressed the need for train¬ 
ing and organizational buy-in. To 
implement best practices, people in the 
organization need to understand what 
the best practices are. 

"If you don't have training and buy-in, 
you'll end up with green builds but no 
tests or red builds, and no one cares," he 
said. "It's easy to get around [doing best 
practices] if you don’t want to do them." I 


‘Continuous deployment 
is fixing testing because 
you don't have to 
set up instances.' 

—Jason VanZyl, Sonatype 
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Cloud computing: 

The macro 



What do legislators, 
environmentalists, 
hackers and futurists 
have to say? 

BY ALEXANDRA WEBER MORALES 






W ith the growing acceptance of cloud 
computing as the next disruptive 
technology after the Internet, sensa¬ 
tionalism around data-center colocation risks 
abound (though stories about FBI raids and 
seizures often apply to traditional Web-hosting 
setups, not utility computing). 

That said, a recent seizure of data-center 
servers that were leased to a reseller made it 
clear that how vendors communicate these prob¬ 
lems to their customers is of the utmost impor¬ 
tance. Two small, affected websites offering 
bookmarking services (I nstapaper and Pinboard) 
took slightly different approaches to blogging 


about the problems. The latter was clear, concil¬ 
iatory and offered information on how to close 
out accounts, given that user data was possibly in 
the hands of the FBI (though the seizure had 
nothing to do with either of these services). The 
former was pugnacious and rambling. 

Granted, neither party really knew the why or 
how of the seizure, and D igitalOne, the Web-host¬ 
ing reseller, didn't seem to know much more. U Iti- 
mately, while these events may be rarer than pow¬ 
er or network outages, they require the same 
architectural concern for redundancy and failover. 

Pinboard has demanded to see the FBl’s war¬ 
rant to confirm that the seizure of an enclosure 





that included their main database server 
had nothing to do with them. It also 
promises to make the already simply 
designed site (scripted in PH P and Perl, 
with MySQL for data storage, Sphinxfor 
search, and Amazon S3 to store back¬ 
ups) more resilient to data-center down¬ 
time. On the plus side, the raid has 
resulted in more press and prominence 
than Pinboard might otherwise get. 

When it comes to data-center assets, 
however, enforcers are interpreting 
search-and-seizure laws with the cre¬ 
ativity of a bebop soloist. Virtualization, 


data caching and multi-tenant applica¬ 
tions will only make things worse, more 
likely for small customers cutting cost 
corners with shady neighbors than large 
corporations who have crafted careful 
hosting or hybrid cloud strategies. 

Will the cloud be legal? 

"The big issue is that the laws are really 
outdated," said John Rhoton, author of 
"Cloud Computing Architected" and 
"Cloud Computing Explained: Imple¬ 
mentation H andbook for E nterprises." 
'They barely cope with the Internet, 


and don't cope with cloud computing at 
all. On the Internet, data can go any¬ 
where. Copying a file from your house 
to your neighbor's might be routed 
through several foreign countries." 

Questions around location, jurisdic¬ 
tions and conflicting requirements are 
hurdles that legislators and industry 
regulators will have to overcome soon. 

Reform efforts aim to do just that. 
The E lectronic Communications Privacy 
Act, enacted in 1986, determines when 
law enforcement could tap into electron- 

continued on page 42 ► 
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◄ continued from page 41 

ic communications, protecting the priva¬ 
cy of those using wireless devices, e-mail 
and the I nternet. Since its passage, how¬ 
ever, it has not been updated. 

TheCloud Computing Act of 2011 is 
another proposal to deal with the tran¬ 
sitory, transnational nature of commu¬ 
nications and data in the cloud. It 
determines escalating criminal penal¬ 
ties for hacking into cloud services 
depending on whether single comput¬ 
ers are breached or full-scale botnet 
warfare occurs. It also addresses data 
storage across national borders. 

Will the cloud be global? 

Within the E uropean U nion, stringency 
around data storage and privacy is caus¬ 
ing consternation for American cloud 
vendors, and it may be the reason their 
interest in deploying to the cloud lags 
far behind that of those in America. 

"E urope has a history of really strict 
privacy laws," said Rhoton. ‘I n Austria or 
Germany or F ranee, the regulations are 
strict and things tend to be more 
bureaucratic. Here in Austria, on my 
own phone bill, I can’t see the full phone 
numbers of the people I've called.” 

An organization called EuroCloud is 
trying to clarify legislation for software 
vendors and companies that might use 
the cloud, Rhoton explained. Else¬ 
where in the world, there are countries 
that will not have the infrastructure 
required anytime soon. Asian interest 
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in the cloud could well be a reaction to 
American needs and a sign of out¬ 
sourced activity, Rhoton surmised. 

But the E U is aware that it needs to 
push businesses toward the cloud, going 
so far as to incorporate it into the D igital 
Agenda, E urope's strategy for fomenting 
a healthy digital economy by 2020. 

"EuroCloud is using its growing 
influence to encourage industry and 
government to adopt cloud services and 
set the correct parameters around reg¬ 
ulation and interoperability. At the 
same time, the industry needs better 
infrastructure, more skills and lower 
barriers to enhance market success," 
said EuroCloud president Pierre-Jose 
Billotte. “The success of this year's 
EuroCloud Congress shows a growing 
awareness of the benefits of cloud com¬ 
puting that will help motivate invest¬ 
ment in these areas.” 

According to the European Com¬ 
mission's I nformation Society, E urope's 


Due process for the cloud 

In light of the FBI's data-center seizure, the Digital Due Process Coalition ("moderniz¬ 
ing surveillance laws for the digital age") seeks a few targeted updates rather than a 
full rewrite of search-and-seizure laws, based on the following principles: 


■ Technology and plat¬ 
form neutrality: no dif¬ 
ferences in protection 
of private communications or other 
data regardless of whether it came 
from a mobile phone or a cloud-based 
application 

■ Assurance of law enforcement access 

■ Eguality between transit and storage; 
this is currently a tricky area, where 
data can receive different treatment 
depending on where in its life cycle it 
was intercepted 


■ Consistency: "The 
content of communica¬ 
tions should be protect¬ 
ed by a court order based on probable 
cause, regardless of how old the commu¬ 
nication is and whether it has been 
'opened' or not." 

■ Simplicity and clarity 

■ Recognition of all existing exceptions: 
"...such as provisions allowing disclo¬ 
sures to the government without court 
orders in emergency cases." 


DIGITAL 

HjTTSlIT^ 




IT investment levels are less than half 
that of America's. Among the proposals 
to push cloud improvements are creat¬ 
ing large-scale pilots as proofs-of-con- 
cept, and increasing Internet speeds to 
at least 30M bps for all households (with 
at least 50% able to achieve 100M bps) 
to match rates in Japan and South 
Korea. Though pundits have predicted 
that Europe may leapfrog American 
development in the cloud due to a lack 
of legacy-application drag, the infra¬ 
structure, investment and privacy hur¬ 
dles indicate otherwise. 

Will the cloud be private? 

While small and medium-sized busi¬ 
nesses are deploying to the cloud with 
few compunctions (and often under 
duress from investors unwilling to 
finance another data center), big corpo¬ 
rations are taking things slower. If they 
have already invested in on-premise 
infrastructure, there may be no need to 
make the switch. Anecdotally, however, 
private cloud deployments are garner¬ 
ing the most interest, according to 
cloud pundit D avid L inthicum. 

"Private clouds often involve a cloud 
appliance," he said. "It’s a multi-tenant 
environment that offers API s and auto¬ 
provisioning. The private cloud conun¬ 
drum is that it's not different from the 
traditional multi-tenant systems of the 
past." Those systems? M ainframes. 

And big iron could well persist—or 
even shine—in the cloud. While data¬ 
center utilization can be tricky to opti¬ 
mize above 30% even with virtualiza¬ 
tion and workload tools, mainframes 
tend to run at over 80% of capacity. 

In fact, IBM now claims that, com¬ 
pared to server farms, the newest main¬ 
frames cost less to power and cool, and 
take up less space. Since 2009, the com¬ 
pany has been offering private cloud 
computing on IBM System z main¬ 
frames: The zEnterprise all-in-one 
mainframe comprises the zEnterprise 
196, the zEnterprise Unified Resource 
Manager and the zEnterprise Blade- 
Center Extension, and can run up to 
100,000 virtual machines. The analyst 
group ITCandor predicted that main¬ 
frame and U nix machine sales will grow 

continued on page 47 ► 
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The cloud who loved me 

International espionage is another threat, with known attacks such as Aurora, which 
came from China in 2010 and targeted American companies such as Google via 
browser-level flaws. Testifying before a Congressional hearing on the benefits and 
risks of moving Federal IT into the cloud, Microsoft corporate vice president for trust¬ 
worthy computing Scott Charney emphasized the Microsoft Security Development 
Lifecycle, which has often been criticized as mere marketing. He also touched on the 
need for standards, certification and a national strategy 
for trusted identities in cyberspace. 

In other forums, Charney has proposed applying a 
public health model to cybersecurity. "Just as when an 
individual who is not vaccinated puts others' health at 
risk, computers that are not protected or have been com¬ 
promised with a bot put others at risk and pose a greater 
threat to society," he said. 

According to Charney, examples of collective defense 
against espionage, warfare or international crime rings in 
the cloud include: 

• The International Telecommunications Union's Botnet 
Mitigation Tool Kit 

• Japan's Cyber Clean Center 

• Signal Spam for fighting spam-causing botnets 

• The Finnish Computer Emergency Response Team 
Charney proposed a system of computer health certifi¬ 
cates that are oriented toward privacy, though he found parallels to how governments 
have tackled non-smoking campaigns and "the theory that individuals have a right to 
engage in certain potentially self-destructive activities." Obviously, the philosophical 
complications of ensuring healthy computer networks will not be easy to navigate. 

Nor can such oversight come from a single commercial or government source. For 
independent coverage of cyberspace incursions, look no further than the Canada-based 
Information Warfare Monitor, which has been tracking such events since 2002 out of the 
Citizen Lab at the Munk School of Global Affairs at University of Toronto, as well as the 
SecDev Group, an operational think tank based in Ottawa. In June 2011, the group 
released Breachfest 2011, a series of high-profile information breaches ranging from the 
U.S. Senate to the CIA, while also documenting ongoing Syrian cyberwarfare. I 



Microsoft's Scott Charney 
recommended a collective 
approach to cybersecurity. 


◄ continued from page 42 

this year thanks to the private/hybrid 
cloud market. 

Will the cloud be green? 

The relative efficiency of big iron over 
blades in terms of utilization, power and 
cooling brings up another point: Data 
centers are emitting ever larger amounts 
of carbon dioxide and consuming grow¬ 
ing amounts of power and land. The cost 
to power and cool 100 server racks can 
be in the US$2 to $3 million range. 

The demand for data centers has 
spurred a building boom. Rackspace 
recently began retrofitting an aban¬ 
doned shopping mall as a data center in 
San Antonio, Texas, where nuclear pow¬ 
er will save millions of dollars annually. 

Rackspace's chief technology evan¬ 
gelist Dirk Elmendorf knows how 
important it is in his business to watch 
every cent of cost. The company only 
builds out as much as it will need. 

"There's nothing worse than being 
under the thumb of a lot of cost," he said 
in an interview with blogger Robert 
Scoble. "I think that's a side-effect of our 
nature but also from living through the 
bubble, when people made bad business 
decisions and that kept building on itself. 
It's like being at that blackjack table and 
you keep doubling down, hoping it’s 
going to work out in the end. And for 
most companies, it didn't work out." 

Data-center design too has improved 
under duress. E arly designs (if they can 
be called designs) often oriented servers 
haphazardly, so that the fans of one might 
be blowing hot air into the cooling intake 
of another. I n today’s economy, such mis¬ 
takes can no longer be made. D emand is 
sizzling for dynamic resource manage¬ 
ment software that saves energy and 
improves utilization, consolidating work¬ 
loads and switching off idle servers. 
Researchers out of IBM I ndia have pro¬ 
posed pMapper, a tool that facilitates 
"power and migration cost-aware appli¬ 
cation placement in virtualized systems." 

According to the tool's authors, "The 
current power density of data centers is 
typically around 100 watt per square 
foot and growing at the rate of 15-20% 
per year." Optimizing power manage¬ 
ment alone is a difficult proposition: 


Virtualized platforms manage power via 
CPU idling in the hypervisor, throttling 
and consolidation actions. 

H owever, the authors said, "com¬ 
mercial hypervisors drop all the power 
management actions that are taken by 
the OS. F urther, for multi-tiered appli¬ 
cations, a single VM instance may not 
be able to determine the application 
end-to-end QoS, thus necessitating the 
need for a power management channel 
from the management." This could 
spawn a wave of development around 
intelligent power conservation. 

What's more, the energy consump¬ 
tion implications will become increas¬ 
ingly politicized. According to Green¬ 
peace, an environmental lobbying 
group, "...At current growth rates, data 
centers and telecommunication net¬ 
works will consume about 1,963 billion 


kilowatt hours of electricity in 2020. 
That is more than triple their current 
consumption and more than the current 
electricity consumption of F ranee, Ger¬ 
many, Canada and Brazil combined." 

While data centers bring jobs to rural 
Washington state, they also bring envi¬ 
ronmental concerns—and a depressing 
aerial view of farms interspersed with 
sprawling, diesel-fueled data centers. 
Google has a subsidiary, Google E nergy, 
that resells clean energy from wind farms 
and other renewable sources. 

A 2010 G reenpeace report rated the 
square footage, number of servers, pow¬ 
er usage effectiveness, and percentage 
of dirty and renewable energy data cen¬ 
ters from Apple, Google, M icrosoft and 
Yahoo. With conservationists sensitized 
to the potential impact, it will take more 
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Make your private cloud presentable 

Regardless of whether they live on mainframes or server farms, private clouds can be 
tricky, according to Dustin Amrhein, an Austin, Texas-based IBM WebSphere middle¬ 
ware and cloud specialist. He recommended taking care around the following areas: 

■ Image management: Make sure you have a repository of images and governance 
policies around version control, configuration and image proliferation. 

■ Service management: Define and catalog the services and their SLAs so that users 
throughout the organization can access them. 

■ Self-service access: Set rules around which cloud-based services are automatically 
provisioned and which need oversight. 

■ Meaningful elasticity: Do you know when your system should expand or contract? 
Make sure that scaling in one area doesn't adversely impact something more prof¬ 
itable in another. 


◄ continued from page 47 

than simply using cloud resources for a 
company to label its IT strategy as envi¬ 
ronmentally sound. 

Will the cloud be hijacked? 

The interesting new angle around illegal 
cloud activity is that it may come from 
your multi-tenant neighbors. Amazon 
E C2 has been surreptitiously used to run 
the Zeus password-stealing botnet, and it 
was openly leveraged via a purchased 
account to attack Sony's online entertain¬ 


ment systems. A new wave of attacks 
using cloud services purchased with 
stolen credit-card numbers could come 
now that the FBl's focus on data-center 
hosting has made it riskier for hackers. 

According to M ichigan-based securi¬ 
ty expert Larry Ponemon, "This year, 
malicious attacks were the root cause of 
31% of the data breaches studied. This is 
up from 24% in 2009 and 12% in 2008." 

Fie said that malicious attacks are 
costly because they often go undetect¬ 
ed, require extensive investigations, and 


are hard to remediate. "FI owever, it's 
not always the bad guys doing bad 
things that cause data breaches. It's 
often your best employees making silly 
mistakes. Negligence is still the leading 
cause of data breaches at 41%,'' he said. 

Will the government grow the cloud? 

Regardless of the security risks, the suc¬ 
cess of the U.S. Defense Advanced 
Research Projects Agency in spurring the 
I nternet shows that for all its bureaucra¬ 
cy, the government is still a formidable 
force for innovation. In the last year, 
M icrosoft has provided a secure, private 
government cloud, the Navy is toying 
with public clouds for ship communica¬ 
tions, IBM is supplying the Air Force 
with a "military-grade" cloud, and NASA 
N ebula uses a community cloud to inex¬ 
pensively supply researchers with com¬ 
pute cycles in minutes instead of months. 

According to former federal CIO 
Vivek Kundra's February 2011 cloud 
computing strategy report, "An estimat¬ 
ed $20 billion of the Federal Govern¬ 
ment's $80 billion in IT spending is a 

continued on page 50 ► 
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‘It's not always the bad 
guys that cause data 
breaches. Negligence is 
still the leading cause.' 

—Larry Ponemon 
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potential target for migration to 
cloud computing solutions." He 
noted the poor asset utilization 
(under 30%) of current Federal 
server farms and claimed cloud 
services could increase that rate 
to up to 70%. 

Finally, it's interesting that 
Kundra made the analogy 
between utility computing and 
wells and electricity. Could the day come 
when the cloud infrastructure is as 
important as other amenities? 

What does the future hold? 

Utility computing is just ascending the 
bell curve. In "The Cloud at Your Ser¬ 
vice: The when, how, and why of enter¬ 
prise cloud computing," author Jothy 
Rosenberg predicted that it will affect 
application development in myriad ways, 
from the emergence of application 
frameworks and mashups, to new data¬ 
base storage mechanisms: 

• Application logic and storage will 
migrate to the cloud. 

• "...companies with valuable data 


repositories will offer higher-level serv¬ 
ices hosted on existing clouds, each 
with a unique API." 

• "What most call PaaS (for example, 
Google's App Engine) and its natural 
extension— F ramework-as-a-Service— 
will become the predominant way appli¬ 
cations are constructed in 10 years." 

Linthicum concurred: "I think in 
three years we won’t be as 'hype-y' 
about cloud computing; we'll just bake 
it into the infrastructure. It will be sys¬ 
temic and will be consumed from 
homes and enterprises." He estimated 
that cloud computing might represent 
10-20% of IT in that timeframe. 

"I n five years, we're going to see lot of 


additional best practices 
emerge," said Linthicum. "A 
number of large companies will 
be making money and profit from 
cloud. You'll see people reducing 
their IT spending by 20%. Those 
who have waited for providers to 
mature and consolidate will now 
be placing big bets." 

Last will come the commoditi¬ 
zation phase, he believed. "We'll 
see foreign countries coming into this 
space. You'll be able to get everything 
that Amazon and Rackspace does from 
China as a service—from the same guys 
who are attacking our systems now." 

But John Rhoton offered up a more 
radical vision beyond datacenters. "The 
next step past data centers is that there 
could be enough processing power and 
resources on all these different client 
systems spread around the world. Peo¬ 
ple will have computers and devices 
with lOOx more performance than you 
could actually use." 

Will the cloud prevail, or will it be 
supplanted by the "I nternet of things?" 
It's simply too soon to tell. I 
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Breaking down 

BUILDH 

What Windows 8, Metro and 
Windows Runtime mean to you 


BY PATRICK HYNDS 


W hat did M icrosoft's BUILD 
Conference in Anaheim last 
month mean for develop¬ 
ers? No group of developers was cast 
aside; there is something for everyone 
in the developer story surrounding 
Windows 8. There were some clear 
winners: C++ developers, lovers of 
HTM L5 and JavaScript, those that love 
the Metro interface provided by Win¬ 
dows Phone 7, and those hoping 
M icrosoft would make a competitive 
entry into the tablet market. 

A lot of the conspiracy theories 
spawned from the unusually intense 
level of pre-event secrecy have been 
put to rest: Windows 8 will not break 
from the past, and it will support the 
.NET Framework and its accompany¬ 
ing languages and technologies. But 
certain questions remain about the 
technology and the path forward. 
Before a lookahead, though, it’s good to 


ask: H ow did we get here? 

The short answer is Steven Sinofsky. 
Sinofsky, as the president of the Win¬ 
dows division at M icrosoft, is by all 
accounts the champion and the hand 
behind the push to make Windows 8 
what it is, and that includes the shift to 
the Windows Runtime (WinRT) as the 
developer framework of the future. 

He gave the first-day keynote at 
BUILD, in which he declared that 
enabling developers is the goal, and that 
M icrosoft wasfocused on building on the 
success of Windows 7. M icrosoft claimed 
that there are more than 440 million 
copies of Windows 7 sold thus far, and 
that is a lot of success to build upon. 

Other messages from Sinofsky were 
that touch on a PC is addictive and 
plays a huge role in the M etro interface, 
that Windows 8 is "breaking down the 
connectivity silos for app developers" 

continued on page 56 ► 
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The Metro interface will require programming to get a handle on asynchronous operations, to prevent the Ul from being blocked. 


•* continued from page 55 

(note the use of the term "app" rather 
than application there, more on that lat¬ 
er), and that Windows 8 is designed to 
be service-aware, since services are 
everywhere. 

Reach is a theme that came out ear¬ 
ly and was a telling hint of why things 
are shaping up this particular way. Per¬ 
haps the most important promise made 
isthateverythingthatrunsonWindows 

7 will run on Windows 8. There were 
no exceptions, which is the one state¬ 
ment that might have been helpful if it 
were made a couple of months ago. 

The only equivocation on this aspect 
is that the ways they will run are not cre¬ 
ated equal. Applications not specifically 
updated for the M etro style are relegated 
to the desktop interface that supports 
touch, but is more retro than M etro. 

At the heart of things, the Windows 

8 experience really was the focus of the 
entire conference. Even before the 
conference, you could go to the Win¬ 
dows 8 Engineering blog to see how 
Windows Explorer and many other nuts 
and bolts of the system will be 
improved—or in the vernacular of 
BUILD, re-imagined. But they were 
not even mentioned at the conference. 

There was surprisingly little cover¬ 
age of Windows 8 management fea¬ 


tures, but a great deal of focus on devel¬ 
opers, hence the feel that BUILD truly 
was the next iteration of M icrosoft's 
Professional Developers Conference. 
But some of the other announcements 
were so subdued that those of us in the 
hall had to turn to our neighbors and 
say things like, "D id they just off-hand 
mention that a dev release of Visual 
Studio 2011 is available?" The answer 
to that question is "yes." M ore on that 
later, because the heart of the message 
of the first-day keynote was that the 
WinRT is here and it is meant to be the 
way forward for developers. 

I believe this is a significant moment 
in history and is right up there with the 
PDC when the .NET Framework was 
first introduced a decade ago, but as 
with that announcement, there is time 
before this future becomes the present, 
and we are going to need to get up to 
speed with all this new stuff. 

Similarities to .NET'S start 
One area of uncertainty around WinRT 
is whether it will ever be back-ported to 
support older versions of W indows, and 
as of this writing, the answer from 
insiders and others is "no." That will 
serve to slow things down a bit, which, 
given all we have to come up to speed 
on, is a good thing. 


We had the same challenge when 
.NET debuted, but in this case I would 
be surprised if ports to operating sys¬ 
tems like Windows 7 ever happen. This 
is not a break with the past. It is more 
like an evolution. 

A recurring theme and a central fea¬ 
ture of the new system is the ease of 
leveraging asynchronous operations. If 
you plan to build Metro-style apps, 
then a good deal of asynchronous com¬ 
munication is definitely in your future, 
like it or not. Prominent in the event's 
demonstrations were calls that might 
take a long to do with the Async and 
Await keywords to keep them from 
blocking the UI. I n this context, a long 
time is anything longer than 50 mil¬ 
liseconds. There appears to be strong 
evidence that the whole reason for the 
move to WinRT is to avoid the prob¬ 
lems of the past, such as Ul blocking 
synchronous code, and to pave the way 
for M icrosoft to compete at the Apple 
end of the market. 

It is as if .NET was a decade-long 
holding action that allowed us to avoid 
the pains of COM and memory man¬ 
agement. A fantastic holding action, but 
it took us further from the metal, which 
causes its own set of problems. The 
indicators that this works in favor of 

continued on page 59 ► 
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WinRT include what we are told can 
and cannot be put in the coming app 
store. While Win32 applications seem 
to be allowed (in that they can be linked 
to), .NET applications not adapted to 
M etro seem to be shut out. 

To understand what that means, we 
have to look at exactly where the .NET 
Framework fits now in the new world 
order of Windows 8. In some sense, 
"F ramework" seemed like a dirty word 
at BUILD as it connoted a layer 
between the developer and the hard¬ 
ware, and that is exactly where WinRT 
is different from .NET, on the surface 
at least. 

The inference wasthatWinRT takes 
developers of all stripes closer to the 
hardware, all the while enabling 
M icrosoft to clean the slate in areas it 
cares about greatly. In fact, while C# 
and VB on top of WinRT do still run on 
top of the CL R, and it is the same CL R 
used when run in D esktop M ode on the 
same system, the terms people have 
used is that there is a different "profile" 
in effect. In reality, it is about pruning 
certain calls back to protect an applica¬ 
tion running over WinRT from straying 
from the path, specifically the path to a 
successful app store. 

Doug Seven, vice president at 
Telerik, put things very clearly regard¬ 
ing how the CLR is leveraged both in 
and outside M etro in Windows 8. I n a 
post entitled "A bad picture is worth a 
thousand long discussions," posted at 
(dougseven.com/tag/winrt/), he dis¬ 
cussed the "Boxology" slide presented 
during the first-day keynote (as seen on 
this page). This is a great slide for intro¬ 
ducing us to the concept of WinRT, but 
it really does need lots of further expla¬ 
nation, which has yet to arrive officially. 

D oug's post goes a long way to filling 
in the blanks, especially in regard to 
how the .N ET Framework fits into the 
architecture. I expect most of that 
information to come from the commu¬ 
nity as M icrosoft works on the next 
round of public disclosures. In other 
words, I do not expect the control over 
information disclosure from M icrosoft 
to change anytime soon from the prece¬ 
dent that BUILD has created. 



Risky business 

The risks of these bold moves by 
Microsoft are still there. If the final 
release of the M etro interface of Win¬ 
dows 8 is not incredibly intuitive, then 
even the already great touch perform¬ 
ance will be for naught. 

The .NET revolution was where 
M icrosoft established its dominance of 
the enterprise. M etro, and by extension 
Windows 8, is a very consumer-oriented 
play. The risk is that the change in focus 
risks the enterprise dominance. lf.NET 
had been declared at end-of-life or hob¬ 
bled, then this would be a real possibility. 

Again, this is not what has hap¬ 
pened, and there is no reason to think 
this misstep will be made between now 
and final release. There are reasons to 
be confident that M icrosoft is on the 
right track, but we need to remember 
that there have certainly been missteps 
by M icrosoft in the past, and the most 
preventable ones, in my view, had to do 
with failing to make things easy enough 
to really take off. 

The demonstrations of Visual Studio 
2011 helped allay the fears that this 
would be the case with the shift to Win- 
RT-based development. In spite of 
those efforts, there were hints that 
porting existing Silverlight and .NET 
applications to WinRT will not be triv¬ 
ial in most cases, and several attendees 
told me they thought as much. 

As you may have noticed, competing 
with Apple seems to also be a trend at 
BUILD, though it was an unspoken 
thing. M icrosoft wants several market 


positions that Apple currently has, and 
they are fairly easy to enumerate. These 
provided insight into the intended role 
of Windows 8. 

Obvious objectives for Microsoft 
include prominence in the consumer 
market in the tablet and phone space, a 
consistent app dev story between 
phone and tablets (and with desktops 
would be nice as well), and an app store 
that just works for the consumer space 
in terms of trust and profitability. The 
M etro interface baked into Windows 8 
provides a path to the first two of these 
goals, though they are still fraught with 
pitfalls related to the actual execution. 

That brings us to the app store. The 
coming app store will consist of M etro- 
style apps that are safe from the slow 
performance, system-altering side 
effects and distance from the metal that 
non-M etro/WinRT applications risk. 
There are no guarantees of course that 
M etro applications will do no harm, but 
there are many obstacles to bad apps 
ending up in the app store. 

For example, since the Metro style 
of deploying apps is to place an appx 
file that can simply be deleted to 
remove the application, there is no con¬ 
tamination to the OS no matter how 
many apps are installed or deleted. The 
emphasis on Async makes even more 
sense in this context, though it is clear¬ 
ly a good idea in its own right. 

Jensen H arris, M icrosoft's director of 
program management and Windows 
User Experience, laid out at BUILD 

continued on page 60 ► 
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◄ continued from page 59 

what M etro means and how M icrosoft 
has provided for developers without dig¬ 
ging into the tooling too much. At one 
point, he showed the built-in animations 
that the Metro-style controls provide, 
and the difference in effect is jarring. 
These subtle little effects are like so 
many things in our lives in that once you 
get used to them, you really notice their 
absence. Cell phones are the best corol¬ 
lary since I never missed them when I 
was a kid, but I feel so cut off from the 
world if I am out and about without my 
cell. Harris explained the eight princi¬ 
ples that make M etro tick, including the 
back story on how and why. 

As mentioned earlier, the Visual Stu¬ 
dio 2011 developer preview is released 
and was used for every demo as near as I 
can tell. It was never formally 
announced—just mentioned—and 
therefore there is no timeline or even 
release cycle to reference. H owever, it 
looks like the releases of Windows 8 and 
Visual Studio 2011 will be synchronized, 
though this is not officially announced. 

Visual Studio 2011 has a good deal of 
interesting developer goodness in its 
own right. Application interoperability is 
accomplished using a new technology 
called "Charms," and there are a num¬ 
ber of them available to Metro-style 
apps, but three were specifically called 
out by H arris. The Share C harm lets you 
leverage all applications that support the 
Share Contract, which is the rule behind 
the Charm. You can think of this func¬ 
tionality as a rich clipboard that allows 
you to stay in context of the originating 
application while shipping data to a 
receiving app that supports the contract. 

The other two Charms demonstrat¬ 
ed in the big group sessions were the 
Search Charm and the Picker Charm. 
In these two cases, M icrosoft is trying 
to make common scenarios for users 
that transcend the application level and 
allow integrations without prior coordi¬ 
nation between the authors of any two 
apps. This app synergy is an important 
part of the W indows 8 vision for M etro- 
style development. As with all things, 
the pressing question is how this is 
enabled in the developer tools. The 

continued on page 62 ► 


With Windows 8, 
Microsoft may have 
its mojo back 


BY ALAN ZEICHICK 

Something funny happened to me 
down at M icrosoft's Build conference, 
held in Anaheim in September. Some¬ 
thing rare. Something unusual. 

I wanted what I saw on the keynote 
stage, and I wanted it bad. 

I'm talking about the new look- 
and-feel of Windows 8. The 
Metro user interface. The 
seamless transition that it 
encourages between devices 
in many different form fac¬ 
tors: desktops, servers, 
tablets and phones. The user 
experience looks fresh and 
compelling, and frankly is 
the most innovative update 
that I've seen to a M icrosoft 
desktop operating system since Win¬ 
dows 95. 

As mentioned above, it’s rare for me 
to have that type of reaction. I didn't 
have it upon seeing the first iPhone, for 
example. In fact, Apple has only done 
that to me twice, with the MacBook 
Air and the iPad (both of which I pur¬ 
chased promptly when they appeared 
in stores). 

In fact, I can only think of a few 
other times I had that reaction. U pon 
seeing the launch of a particular ver¬ 
sion of M athematica (I forget which 
version). The launch of the Cobalt 
Cube, an innovative small-business 
server that Sun M icrosystems 
acquired and killed. Steve Jobs 
demonstrating the second-generation 
NeXT pizza-box workstation. Not 
many others. 

Downloading and installing the 
Windows Developer Preview, includ¬ 
ing tools, onto one of my lab 
machines is on my to-do list. 
(M icrosoft gave every paid attendee 
at Build a Samsung tablet with the 


Win8 beta and tools preinstalled, but 
those were not offered to press atten¬ 
dees like yours truly.) 

What about the developer angle? 
M icrosoft appears to be making it easy 
to retrofit existing Windows applica¬ 
tions to behave nicely within the new 
Metro user experience; in fact, the 
company claims that every 
app that runs under Windows 
7 will run under Windows 8. 
(Presumably, that's for Intel 
x32/x64 apps and not for 
ARM applications.) The 
M etro experience is driven by 
JavaScript with HTML, but 
can also be implemented 
using C#, C++or Visual Basic 
using XAM L. No rocket sci¬ 
ence there. 

Another big push with Windows 8 
is to HTM L5. While Silverlight and 
other plug-ins will still be supported, 
and there's indeed a strong commit¬ 
ment to Silverlight, the message was 
clear: HTML5 is the future. That's 
welcome news, of course; with Apple 
also on the HTML5 bandwagon, it's 
the safest bet in town. 

Finally, there's the push to touch¬ 
screens. M icrosoft is using the touch¬ 
screen to differentiate Windows from 
M ac OS X. Apple has been very clear 
(at least under Steve J obs) that touch¬ 
screens were for mobile devices, and 
not for iM acs. A plethora of comput¬ 
ers built for Windows 8—including 
desktops and notebooks—will have 
touch-screens. Let's see where this 
goes: If consumers choose Windows 
because of this, expect Apple to 
embrace the touch as well. 

As for now, I look forward to seeing 
how well the developer preview runs 
on a four-year-old AsusX50RL laptop. 
Should be interesting! I 



Alan Zeichick 
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Eight things about Metro 

What will distinguish the best Metro-style apps, according to Microsoft's Jensen Har¬ 
ris? Here is an extremely condensed breakdown of his list of eight touch points that 
will make or break these new applications. 


1. Metro style design: Metro is the new 

thing; get on the bus or no app store for 
you! 

2. Fast and fluid: If touch is slow, we 
notice. Do not let anything get in the 
way of the Ul thread. 

3. Snap and scale beautifully: Microsoft 
has provided for multiple viewing sizes. 
Support them or you will be left out. 

4. Use the right Contracts: The Charms 
let you play well with other Metro apps, 
so apply them where they make sense 
for app-to-app sharing and stuff like that. 


5. Invest in a great Tile: The Tile is your 
home page of sorts for your app; make it 
count and make it useful. 

6. Feel connected and alive: Avoid static 
and go for active content, including noti¬ 
fications and updates. 

7. Roam to the cloud: Go cloud or go 
home. No one wants to sync their data, 
so just build it in with cloud storage. 

8. Embrace Metro principles: Rinse and 
repeat, and always keep striving for a 
better user experience. 

—Patrick Hynds 


< continued from page 60 

demos make it look easy of course; let's 
hope the tools make it so. 

D uring the D ay 2 keynote, many of 
the most interesting features of Visual 
Studio 2011 were outlined. There was a 
Simulator, which is like super preview 
for debugging Metro apps, and an 
I mage editor so greatly improved that I 
doubt someone building an immersive 
video game has to stray very far to cre¬ 
ate all the graphical components. 

Jason Zander, Microsoft corporate 
vice president for Visual Studio, did a 
demo that showed debugging a 3D tank 
combat game and decomposing each lay¬ 
er of the display to see where a trans¬ 
parency had gone wrong. It really 
showed the power that the synthesis that 
Visual Studio plus Blend can bring to 
bear. Visual Studio 2011 is that synthesis. 

As the developer demos of the D ay 2 
keynote progressed, Zander showed off 
how far Azure development tools have 
come. The pace of progress underlines 
how big of a bet M icrosoft has placed 
on Azure. 

The keynote mentioned that the Pro¬ 
ductivity Power Tools are now built right 
into Visual Studio 2011, making for one 
less download and expanding the arsenal 
for developers to get things done out of 
the box There is now an ability to find 
duplicate code snippets throughout a 
project, but rather than just a simple 
find, this feature allows for variable 
names, constants and such to be named 
differently in the code, resulting in the 
ability to find code that has been copied 
and modified superficially. This is the 
next level of refactoring. I expect we will 
appreciate this immensely as we find 
ourselves updating a legion of applica¬ 
tions to take advantage of M etro and the 
.NET Framework4.5. 

Changes to .NET 

Scott Guthrie, M icrosoft corporate vice 
president of Server & Tools Business, 
showed off .NET 4.5 and M VC 4.1 mme- 
diately we noticed that the basic tem¬ 
plate generated just keeps getting better. 

With M VC 4, the basic shell applica¬ 
tion looks very polished for something 
we get instantly for free. The resulting 
page even suggests the next steps for 


the developer, such as configuring 
M embership. 

The thing I liked the most is that it 
will now be so easy to figure out what 
causes any given element to be dis¬ 
played. To that end, you can show both 
markup and the design view in Visual 
Studio 2011, and the two are synched in 
that you can click on a section of 
markup, and the tool will highlight the 
corresponding section in the design 
view and vice versa. 

This is debugging for Web projects 
on steroids. It even shows you which 
branch of flow control, like IF state¬ 
ments, caused the displayed result 
when selections are made by the user in 
the design view. They even said that 
jQuery mobile is going to be included 
in Visual Studio 2011. 

These are all great features, but my 
favorite is folder references. With folder 
references, whole folders are referenced 
instead of individual scripts, and they are 
huge for getti ng the tools out of your way. 
Any file in the referenced directory is 
added to the project. 11 even does minifi- 
cation, which means that all the scripts 
are combined and made as small as pos¬ 
sible on compilation, which enhances 
performance. This is a feature that had 
not occurred to me before, but now I can 
see that I will wonder how I lived without 
it all this time. 

No coverage of BUILD would be 
complete without some discussion of the 
tablet device handed out to attendees at 


the end of the first day. The device is sur¬ 
prisingly good, even running a pre-beta 
version of Windows 8, and it has con¬ 
tributed greatly to the positive vibe sur¬ 
rounding what M icrosoft is trying to cre¬ 
ate with this new version. There are 
some glitches, but fewer than reasonably 
expected in my opinion. 

One thing about it that I cannot fig¬ 
ure out is how one takes a screenshot 
while in the Metro interface using 
touch. M aybe this will be fixed, or I am 
just missing something (obvious or not). 
This reinforces that there is still a road 
to travel between now and final release. 

The questions to be answered are far 
deeper than the questions we had 
before the conference. The mantra of 
"Lets you pick the language you want" 
does not lay out what the tradeoffs will 
ultimately be when choosing from the 
available options. I believe that C++ is 
still the choice for best performance on 
Windows, but now the tax of using C++ 
isgreatly reduced if not totally eliminat¬ 
ed. C#and VB.NET have their place, 
but they are no longer the monopoly on 
productivity that they have been over 
the last period. 

Finally, HTM L5 with JavaScript is 
the new game in town. I expect that this 
will be a case of embrace and extend, 
withWinRT providing so much. 

Now we all have to dig in and figure 
out what it all means and where our cor¬ 
ner of the development community fits 
into this mosaic of technical choices. I 
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Open source has 

After 20 years of Linux and 30 years of 
open-source licensing, the movement is 
healthier and more mature than ever 


BY ALEX HANDY 

J ust 10 short years ago, Linux was 
considered an upstart, challenging 
the embedded players. Open- 
source software was evolving around 
the world, but very few projects 
beyond the Apache Web server had 
penetrated big business. Fast-forward 
to today, and Red Hat is in the S&P 
500, the Apache Web server accounts 
for well over half of all Web servers, 
and even J ava has gone G P L. C al I it the 
triumph of the open. 


N ow, 30 years after the G N U G en- 
eral Public License was first con¬ 
ceived and 20 years after L inux kicked 
off, big business has come to under¬ 
stand the power of big community. 
Jim Zemlin, executive director of the 
Linux F oundation, said, "It has funda¬ 
mentally changed the way people live 
every day. 

"Let me give you an example: Bill 
G ates changed the world with a simple 
vision of a PC on every desktop run¬ 


ning M icrosoft software. And the PC 
did change the way people interact in 
their daily lives. Linux has gone even 
beyond that. 

"It's not just powering desktops, but 
it's a part of the fundamental economy 
of the globe. 11 runs 75% of global equi¬ 
ty trades. It is a fundamental compo¬ 
nent of the global economy. Wall Street 
and Linux are inextricably linked. It 
runs air traffic control systems, trains, 
Google, Amazon, eBay and Facebook. 






come 


It's in your phone. It's in your TV. I 
mean, it's changed the world so funda¬ 
mentally, and people aren't even aware 
it exists, which I think is one of the most 
elegant things about L inux." 

But open source and Linux aren't 
just about doing the heavy lifting. 
They're also about driving down costs. 
"It has driven billions of dollars of cost 
out of the IT industry," said Zemlin. 
"I t has enabled services that are a part 
of everyone's daily lives. It has 
changed fundamentally the way peo¬ 
ple think about developing software. 
It has proven the collaborative model 
is better." 

That's because it all comes down to 
the people. Open-source software is, 
in a way, less about the software itself, 
and more about the collaboration of 
everyone involved in using and build¬ 
ing that software. Standards and 


of age 


processes are still extremely impor¬ 
tant, but at the end of the day, it's the 
people writing the software and their 
interactions with each other that make 
open-source projects move forward. 

People like Mike Milinkovich, 
executive director of the Eclipse 
Foundation, who said that the power 
of open source is evident in every 
aspect of Eclipse and its ecosystem. 
"It’s one of the challenges we've got at 
Eclipse as an organization: We've got 
so many different technologies and 
talk to so many different types of com¬ 
panies across the product life cycle, 
from early adopters to late, from engi¬ 
neering in automotive or aerospace. 
That's a very wide spread of compa¬ 
nies leveraging E clipse," he said. With 
all those stakeholders, Eclipse has to 
make a lot of people happy for differ¬ 
ent reasons. 


Cutting those costs 

Zemlin said that Linux has some of 
those same problems, but good engi¬ 
neering and proper adherence to goals 
ensure projects remain focused on the 
strengths of Linux. 

"I think it's more of an industry shift, 
where you’re seeing this massive adop¬ 
tion of Linux as the underlying fabric of 
a lot of different computing," he said. 
"All of the fundamental advantages 
Linux had in terms of the availability of 
the source code, the low cost, the fact 
that you can own this stuff and build 
your own things on top of it, have 
turned out to be truly fundamental 
advantages." 

And those advantages also save 
everyone involved in the development 
process time. Rather than worry about 
reinventing the wheel, or building out 

continued on page 66 ► 
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custom environments, Linux and other 
open-source projects are still malleable 
enough to be molded into the nooks 
and crannies of any project. 

"I n Silicon Valley, there is not a start¬ 
up today that uses proprietary software 
to build their company," said Zemlin. 
“I n the hottest segment of the market 
today, it's not Web 2.0 any more, it’s the 
new wave of social media companies 
like Groupon. Go to any of those com¬ 
panies, and they all build their technol¬ 
ogy using open source. It's Linux. It's 
open-source databases. It's Apache 
Web servers. It's all open source. 
They're doing that not just because the 
stuff is high quality, and provides high 
availability and fast throughput, but 
also because it’s cheap for them to 
build. 

"I was one of the founders of a com¬ 
pany called Corio. When we went pub¬ 
lic, the No. 1 risk statement on our 
sheets was that we didn't own the soft¬ 
ware. We hosted it, but it was built on 
proprietary software. I ask if Google 
could be the company they are today if 


they used .NET? Maybe not. There's 
this fundamental advantage Linux has 
for people to own their code." 

And with the arrival of the cloud, 
even more cost can be driven out of a 
business. "What's interesting in Silicon 
Valley is that in addition to all these 
companies building on open source, 
they're not just not buying software, 
they're not buying hardware either," 
said Zemlin. "They're launching using 
cloud services from Amazon and other 
providers. That's reduced the amount 
of risk and the amount of capital 
required. I guess if you're interested in 
old workloads and using M S Office, 
you'd say Windows is doing pretty well. 
And I wouldn’t deny they are, but if 
you're into any new kind of workload, 
or into green-field deployments, it’s all 
Linux." 

Open-source software isn't just for 
servers and desktops anymore. I t's tak¬ 
en hold in the smartphone market, too. 
"If you go into other segments, like 
mobile, the same fundamental advan¬ 
tage holds true," said Zemlin. 

"I n the consumer electronics world, 


it's even more compelling. You've got 
this two-fold pressure in the world of 
TV makers, or phone manufacturers, or 
DVD makers, which is that you not only 
are needing to spend more money cre¬ 
ating these devices, it's also a cost that is 
largely derivative of software. Take the 
top 10 smartphones on the market 
today, turn off their screens, lay them 
side-by-side and tell me which is which. 
You'll have 10 blank screens in a candy- 
bar form factor. You can't tell an iPhone 
from a Droid until you turn it on and 
see the software is very different. 

"When the software becomes the 
primary differentiator of these devices, 
the software component becomes very 
expensive. In addition to that price 
pressure in terms of building, these 
things are only on the market for 12 
months. That gives these guys a lot less 
time to make money off of these things. 

"They've decided that instead of 
making money off the hardware, I'm 
going to offer products and services on 
top of that. The only platform that 
allows you to control your own destiny 
is Linux, because it’s open source. We 
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have these fundamental structural 
advantages in the market due to the 
license cost and due to the critical mass 
that Linux has in terms of this broad 
architectural support. Once it’s taken 
on that critical mass combined with 
these advantages, it becomes some¬ 
thing that's very, very difficult to com¬ 
pete with, if you're a proprietary soft¬ 
ware company. 

"Microsoft... It's evident they truly 
struggle. I n the markets they seem to 
care about and try hard to win, Linux 
seems to be doing a pretty good job 
competing." 

Java in the open 

Eclipse's Milinkovich said that open 
source isn’t just about starting from 
scratch, either. M any companies have 
opened their technology to the public, 
and in some cases, that technology has 
been gifted through acquisition. Such 
was the case with Instantiations' Win- 
dowBuilder Pro, the popular Java GUI 
design tool. WindowBuilder Pro is now 
an open-source project under the 
Eclipse Foundation. 


"I knew as long as I nstantiations was 
around, this wasn't their business mod¬ 
el," said Milinkovich. "Literally the day 
I heard Google was buying them, I was 
on the phone saying, 'OK, how can we 
make this happen?' 11 was the first time 
Google had open-sourced a significant 
asset at Eclipse." 

M ilinkovich went on to say that 
despite being proprietary for years, 
WindowBuilder Pro's move into open 
source was a big step for developers. 

"WindowBuilder has been around 
for a really long time," he said. "I 
remember using it when I was a 
Smalltalk programmer. That technology 
has been around for a long time. They 
had several hundred thousand paying 
customers when they were Instantia¬ 
tions. This is not something that’s start¬ 
ing; it's stable, it's mature, it’s well- 
known amongst Java developers." 

After all these years of validated 
open-source development, Java has 
finally joined the open-source move¬ 
ment. "Under Sun, the code wasn't 
moving forward," said Milinkovich. 
"One of the things about Oracle's stew¬ 


ardship of Java is that it takes time to 
get going, but they are actively invest¬ 
ing in moving Java forward. 

"Sun was using the deadlock at the 
J C P as a convenient excuse to save on 
a lot of engineering resources. The 
pace of innovation in the Java plat¬ 
form is going to get a lot better. J ava as 
a language... some innovation is now 
going to happen there. They'll add 
modularity, but there's a lot of things 
Java needs to do to innovate to be 
more relevant to today's world, such as 
be much better and more relevant to 
Web developers." 

And after years of elbow-throwing, it 
would seem that Java's move into open 
source will even calm the unrest 
between some Java projects and the 
keepers of the language. Sun, for exam¬ 
ple, voted against passing OSGi as a 
standard into the Java codebase, while 
Eclipse and the rest of theJCP voted in 
favor of the move. Now, OSGi is antici¬ 
pated to be a part of the future modu¬ 
larity Java SE 8 promises. 

"I made it really clear in Eclipse's 

continued on page 68 ► 
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vote on the Java 8 JSR that if there 
wasn't room for OSGi to play within 
the modularity story for Java 8, that we 
would be voting against it," said 
M ilinkovich. "There is work going on 
around bridging that gap with conver¬ 
sations among the technology guys. I n 
my view it's a no-brainer. There is a lot 
of stuff being built on top of OSGi 
right now, and it's in nobody's interest 
to break that in Java 8." 

Despite the new openness of Java, 
the software is still under contention 
from the one area in which open source 
isstill vulnerable: software patent litiga¬ 
tion. Oracle opened a suit against 
Google last year, alleging that Google's 
use of Apache's open-source H armony 
libraries in its Android smartphone 
platform violated Oracle's patents on 
Java. While the OpenJDK is available 
under the GPL, the litigation in the 
Oracle-Google case focuses on imple¬ 
mentations of versions of J ava that pre¬ 
date the 0 penj D K. 

Still, said Geir Magnusson, founder 
of the H armony project and a board 
member at Apache, there's a lot of 
activity within Harmony, even though 
he has since left the project to focus on 
his day job. "There are a lot of people 
who are still really invested in Java. 
That doesn’t change, and Harmony is 
still the class library for Android, 
and there are a lot of Android 
phones out there." 


Linux 3 

F or the next 20 years of L inux, the 
version numbers will be changing 
in a new way. F or almost 10 years, 
Linux has been on the 2.6.x 
branch of the kernel. But this 
spring, Linus Torvalds decided to 
end that tradition and to brand 
the kernels after 2.6.39.4 as "3.0." 
On the outside, this move seemed 
to indicate some evolution for the 
platform, but in reality, it's just a 
number. And the next revision of 
the kernel will also be just a num¬ 
ber: 3.1. 

With these version number 
changes, you'd expect that Linux 
had entered some sort of wild 


teenage period, where changes are 
made with reckless abandon. But you 
would be wrong. The kernel marches 
on with the same deliberate and 
thoughtful pace it has always had. 

The kernel itself will still be moving 
forward, said Zemlin. "I n terms of chal¬ 
lenges for Linux, there will... always be 
a challenge to have the best possible 
kernel you can get. I can tell you, the 
guy who maintains the Linux kernel is 
the most competitive guy on that front," 
he said. 

"We have the good fortune of being 
able to work with thousands of the 
brightest people in the IT industry to 
make that happen. It's one we've met 
handily. Anything we can do to simplify 
the consumption of Linux, whether 
that’s from a vendor perspective or sim¬ 
plifying Linux in terms of making new 
things, we want to help." 

The cutting edge 

Twenty years ago, the most cutting- 
edge open-source project on the planet 
was either an operating system or a 
compiler. Today, the moniker "most 
cutting edge" is almost impossible to 
quantify. Tools like Selenium, continu¬ 
ous integration servers like Jenkins, and 
H PC tools like OpenCL, have all 
offered cutting-edge solutions to devel¬ 
opment problems. Open-source proj¬ 



ects around the world are pushing the 
state of technology forward with every 
checked-in patch. Some of these proj¬ 
ects are even rethinking the entire 
foundation of the data center. 

Tom H ughes-Croucher, chief evan¬ 
gelist at Joyent, which backs Node.js, 
said that the open-source project is 
designed to bring event-driven pro¬ 
gramming to the Web 2.0 and 
JavaScript crowd. Node.js is a server- 
side JavaScript environment in which 
developers can write server-side soft¬ 
ware for use with JavaScript Web 
pages. 

H ughes-Croucher described the cir¬ 
cumstances that drove Ryan Dahl, 
Node.js' creator, to build the platform. 
It all resulted from his desire to use 
event-driven programming on a web¬ 
site, but it was the power of open 
source that enabled him to push the 
boundaries of server-side JavaScript 
with Node.js. 

Dahl started out trying Python and 
Ruby for this task, but "he found they 
weren't satisfactory," H ughes-Croucher 
said. "The predominant reason is there 
is a lot of heritage in server-side pro¬ 
gramming already, so when he wanted 
to use some other library or access a 
database or do something that involved 
input/output, the existing heritage of 
those languages didn't work very well 
with an event-driven system, 
because all the libraries were 
blocking. 

"The event-driven system 
requires that it can continue 
doing other work while it's wait¬ 
ing for that other task to be 
completed. I don't have to wait 
for the database process to be 
complete. People had built all 
this infrastructure that didn't 
work this way. 

"But the Google Chrome 
team had written this entire 
new JavaScript runtime [V8], 
and they open-sourced it. For 
Ryan, this was the thing he'd 
been wanting: a really great lan¬ 
guage runtime. Server-side 
JavaScript hadn’t gained any 
popularity yet. The standard 
libraries people had already 
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Top five drawbacks of open source 


While open source has seen tremendous uptake in companies 
large and small, there are still plenty of problems you can 
encounter when building on top of an open stack of software. 
Here are the top five. 

The cutting edge cuts both ways 

Open-source projects often are ahead of the innovation curve 
and build all sorts of newfangled things into their code. Some¬ 
times, these leads to large leaps forward. Other times, unfore¬ 
seen problems can set back development projects. Using such 
experimental software can be frustrating, especially when no 
one else has yet encountered the errors you're getting. This 
problem, combined with the next, can make for an awful experi¬ 
ence for enterprise developers. 

Mindshare monopoly 

Some open-source projects are the brainchild of one. While 
open-source insinuates wide participation, there are many proj¬ 
ects out there where a single developer holds tremendous sway 
over the project. 

Linus Torvalds would be the obvious example, but smaller 
efforts, such as Jenkins and Google's V8 engine, are largely the 
result of a smaller team working hard to solve a problem. That 
means issues that arise can sometimes necessitate the atten¬ 
tion of a very small pool of brains. Certainly, Torvalds isn't in this 
category, as there are plenty of smart Linux kernel developers 
out there. But if you run into a problem while using a small 
open-source project, and the two or three folks who created it 
are off on vacation, you could be up a creek. Which leads to... 


No service and support 

The time between an open-source project becoming relevant 
and its gaining a corporate backer is shortening every day. But 
not every project can pay the bills for a service-and-support 
company. Smaller libraries and frameworks that aren't widely 
used could be extremely useful to your project, but if you can't 
call a corporate, liable entity 24/7 for help, it's tough to sell the 
use of that piece of software to your corporate masters. But this 
is only the tip of the iceberg... 

No long-term service and support 

The Linux kernel has tackled this issue head-on, thanks to Greg 
Kroah-Hartman's efforts to solidify kernel releases for longer- 
term back ports. But many projects aren't able to put in the time 
and effort needed to back-port important changes to older 
releases. After all, this is open source, and you should be able to 
do that yourselves, right? But as an enterprise developer, do 
you really want to spend your time back-porting changes? 

Project rot 

There’s nothing more irritating than finding an open-source proj¬ 
ect that solves your problems, only to discover that it hasn't 
been updated in five years. Abandoned projects in the open- 
source community never actually vanish, they just go static. 
Thus, while searching for solutions, you could easily stumble 
across software that hasn't been updated or received any bug 
fixes since before Obama took office. While the code should still 
be out there, the whole point of searching for these projects to 
begin with is to save you time. Are you really saving time if your 
team is spending its time slapping duct tape on an ailing project? 

—Alex Handy 

away free software or making a deriva¬ 
tive work.' There's no sense that it's 
some vendor. I t's us. I t's whoever is par- 
ticipating. They've brought together 
disparate companies, companies that 
are actually competitors. And the peo¬ 
ple in it are pretty nice; they're not 
polarizing people like some members 
of the free software community. 
They're too nice. There's nobody who 
goes, They really screwed us.' 

"Looking at actual practice, compa¬ 
nies are embracing open source and 
using it a lot. It doesn’t seem like the 
threat of patents or trademark issues 
are hanging over them. Most open- 
source projects come from an individ¬ 
ual or a small group of people...attract¬ 
ed to the idea of, T want go work with 
M icrosoft because I've got to be pro¬ 
tected against patent infringement.' 
They're probably going to go to a group 
they're more familiar with, such as 
SourceForge." I 


written to do file access, TCP, and all 
these things didn't exist because server- 
side JavaScript didn't exist." 

Dahl, said H ughes-Croucher, "wasin 
a position where he could design all this 
from scratch. FI is intro to JavaScript was 
this combination of having access to V8, 
but also the fact that he wanted a clean 
slate to write this on." 

"We have Community.Node, and 
half the audience is C programmers 
familiar with event-driven program¬ 
ming, and they want to write things in a 
way that’s more convenient," said 
FI ughes-Croucher. "C is laborious and 
verbose. One side of the community 
wants to take the model and use it more 
conveniently. Then the other side want¬ 
ed server-side JavaScript. They knew 
J avaScript and wanted to do more pow¬ 
erful things with it. People see the suc¬ 
cess of Node.js being one thing or the 
other, but I think it’s been successful 
because of Ryan picking a language and 


bringing something to new to the lan¬ 
guage." 

Open source keeps cutting-edge 
development like Node.js from being 
cloistered. Instead of spending time 
working on an idea behind closed doors, 
open-source development models allow 
these ideas to immediately take flight 
and find users around the globe, thus 
ensuring all stakeholders will have a say 
in how the project evolves. The Apache 
F oundation’s open-source projects have 
become the very I ifeblood of many enter¬ 
prises for just this reason. From the Web 
server to message queues, Bernard 
Golden, CEO of NavicaSoft, said the 
combination of the Apache software 
projects and the Apache Software 
License have made its retinue of tools 
very compelling to enterprises. 

"The license the ASF uses does not 
bring them into conflict with commer¬ 
cial companies," he said. "There’s no, 
'You're ruining our business by giving 
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“A lot of useful, cutting-edge information.” 

— Alfred Mirzagitov, Sr. Software Engineer, Webroot 
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How can you keep 
your security one 
step ahead? 

Frequently the biggest vulnerability of 
an application lies in the very code itself 

BY GUY WRIGHT 


S o you ran the final build on that 
new Web-based order and inven¬ 
tory program and handed it over 
to the QA team. The tests look pretty 
good and you get the go-ahead to 
deploy. N ow all you have to worry about 
is the marketing department hounding 
you to create a smartphone app and 
maybe something for Facebook, and 
every time you go to a meeting with 
management, someone asks what you're 
doing about that cloud thing. 

Your deadlines are always looming, 
there are always a few pesky bugs still in 
the code, and you could really use a few 
more people on your team. But you roll 
up your sleeves and get started on the 
next project. 

Two days later, your network crashes, 
the entire database has been trashed, and 
everyone starts running around frantical¬ 
ly trying to figure out what happened. 
Was it the firewall? The server? Some 
rogue virus? In the back of your mind 
you wonder if it might even be your new 
application. E ventually, the network guys 
figure out that it was a SQL injection 
attack. That's when management starts 
asking, "Don't we have tons of security? 
FI ow could something like this happen?" 

Well, the odds are very good that the 
problem was in your code. 

Depending on whose numbers you 
believe, 60% to 90% of all security 





attacks come in through websites, and a 
good proportion of them are SQL injec¬ 
tion attacks because they are remark¬ 
ably easy to launch—if your code isn't 
written correctly. (F or a good article on 
how SQL injection attacks work and 
how to prevent them in your code, 
check out Colin Angus M ackay's article, 
"SQL I njection Attacks and Some Tips 
on FI ow to Prevent Them.") 

The growing list of security issues is 
long and seemingly insurmountable. 
Attacks can target programs, data, web¬ 
sites, cloud-based applications, even 


computer-controlled machinery. They 
can be viruses, worms, Trojans, denial-of- 
service attacks, SQL injections, or 
sophisticated multi-pronged attacks. 
They can come in through poorly 
deployed firewalls, stolen or lost laptops 
or smartphones, sloppy programming 
practices, wireless networks, rogue 
memory sticks, public-facing websites, 
easy-to-guess passwords, insecure APIs, 
outdated programming frameworks, 
operating systems, third-party software 
or components, media files, or even an 
unlocked window in your data center. 

Attackers include everything from 
lone hackers, groups of hackers, dis¬ 
gruntled employees, simple employee 
mistakes, industrial espionage, cybert¬ 
errorists, even governments. 

The attacks can be targeted or indis¬ 
criminate, sophisticated or through 
sheer brute force. Their intent can be 
to steal, corrupt, destroy or subvert. 
They can also disrupt, embarrass, or 
simply prove that it can be done. 

But you aren't a security expert, 
you're a programmer. You get paid to 
write code, not to worry about security. 
The trouble is, like the scenario above, an 
amazing number of security vulnerabili¬ 
ties start with the code you're writing (or 
the tools you are using, or the framework 
your code runs on, or even the security 

continued on page 74 ► 



74 


.SOFTWARE SECURITY, 


SD Times 


October 2011 


www.sdtimes.com | 


◄ continued from page 73 

compliance standard you already have to 
adhere to). N ow, even the tightest code is 
no guarantee that someone won't leave 
their laptop at the gym or open an infect¬ 
ed file or guess your boss’ password is 
"bigcheeze," but writing solid code can 
give your organization a better chance of 
defending against attacks. 

Where to begin? 

A number of companies that specialize 
in security products and services pro¬ 
vide an idea as to the scope of the prob¬ 
lems, what are the most common mis¬ 
takes people make, and how you might 
avoid making the same mistakes over 
and over again. 

Probably the biggest security chal¬ 
lenge facing programmers is something 
they usually can't control: upper manage¬ 
ment. Time after time the people inter¬ 
viewed for this story said that most com¬ 
panies don't think about security (and 
don't even want to think about security) 
until there is a serious problem, and even 
then they patch that one thing and just 
hope that nothing else goes wrong. It's a 


reactive approach rather than a proactive 
approach. Security has to be built in from 
the very beginning in order to be the 
most effective, and it has to be imple¬ 
mented across the entire enter¬ 
prise. 

According to M andeep 
Khera, head of marketing 
at Cenzic (www.cenzic 
.com), "We did a survey a 
month ago and we asked 
questions like, ‘What per¬ 
centage of your applications 
do you test for vulnerabili¬ 
ties and how often do you test 
them?' And most of the respondents 
said they test less than 10% of their apps 
for vulnerabilities and only once a year. 

"Another question we asked was, 'D o 
you spend more or less money on appli¬ 
cation security than you spend on cof¬ 
fee?' And 70% said their coffee budget 
was larger than their application security 
budget. Therein lies the problem. 

"Another question we asked was, 
‘H ow many times have you been hacked 
in the past 24 months?' And at least 75% 
of the respondents said they had been 


hacked at least once. I've asked many 
programmers why they aren't doing 
application security, and time after time 
the answer is because their management 
says to them, 'Let's not worry about 
security because we will never 
be hacked.’ ... And then I 
say, 'H ow do you know 
you haven’t been 
hacked?' That's when 
they look at me and 
admit that they don't 
know. 

"With most of the hackings 
that have taken place, it turns out 
the hackers had been in the system 
for months before they were discovered. 
So there is a disconnect...They know 
they've been hacked and yet they're not 
doing anything about it. You have to ask, 
'Are you being penny-wise and pound- 
foolish by trying to save a few thousand 
dollars now when it could cost you mil¬ 
lions later?' A serious attack could even 
cost you your business. We know for a 
fact that some company's stock has 
dropped 70% within a week after they 
were hacked. So how much is your com- 
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pany worth to you? 

“I think getting that buy-in from the 
top, starting a security program, and 
training your people are the critical 
things. It might seem overwhelming, 
but it's not. You can easily start with one 
application and then expand to others. 
Pick your most critical application and 
concentrate on that and then move out¬ 
ward. It's that first step people aren't 
taking." 

Khera added that developers need to 
focus on the most critical vulnerabilities, 
and they need to understand that often 
they're making the same mistakes over 
and over again, mistakes that allow such 
attacks as SQL injections, sessions man¬ 
agement, cross-site request forgeries, 
cross-site scripting, and privilege escala¬ 
tion types of attacks that developers may 
or may not know how to code against. 

"I think that is a big thing, to proac¬ 
tively identify vulnerabilities and then 
train the developers how to fix them,” 
he said. "Without training, you'll get 
nowhere. You have to ensure that sen¬ 
ior management clearly buys into the 
fact that application security should be 
the N 0 .1 priority, because without that 
I can guarantee that you will get 
hacked. The only question is when." 

It's natural to react 

The natural tendency is to react to prob¬ 
lems rather than to be proactive about 
them, said Chris Wysopal, cofounder 
and chief information security officer at 
Veracode. "Almost always there is an 
incident before something is done. 
Sometimes there's an incident and [a 
company] will fixthat one app, but won't 
do anything to fix the app that's sitting on 
the server right next to it. I t’s an ongoing 
problem and it’s a problem with all the 
code you've already written. 

"With large software inventories, 
there is a tendency to focus most of your 
efforts on where you think your most 
critical app is: high-profile, public-facing 
applications that most of your customers 
use, or have the most financial impact or 
sensitive information, and so on. And if 
you focus the majority of your effort on 
those handful of applications while 
ignoring the rest of the applications that 
are there, maybe you don’t think the oth¬ 


ers are that big of a deal, but you're still 
exposed because they've never had any 
security testing. 

"But hackers look for any vulnerabil¬ 
ity to gain access. They're going to look 
for the security vulnerabilities in those 
applications that are at a low level of 
security initially. So companies with 
thousands of applications are beginning 
to realize that they are going to have to 
scale their existing processes out to 
their entire inventory and start to pro¬ 


tect those as well." 

C hris E ng, vice president of research 
at Veracode, added: "The other thing 
that we're seeing is customers submit¬ 
ting software to us for analysis that is 
30% to 70% composed of third-party 
code that they didn't write themselves. 
And we're seeing an increasing trend in 
enterprises requiring their vendors to 
have their software tested before it’s 
deployed or before they sign the con¬ 
tract to allow it to be purchased. This last 
thing in particular—the testing of the 
software supply chain—has only begun 
to pick up in the last few years. A lot of 
companies are still behind on that." 

Wysopal made the point that if, as an 
organization, you ship a product and 
someone is harmed by a security flaw, it 
will be considered negligent if that 
organization can’t show it has security 
best practices in place. "So even if you 
can't eliminate every risk, at least you 
can show that you were trying," he said. 

"The first step is figuring out where 
you are at—getting a baseline. If you 
haven't done anything at all, then you 
don't know how far along that continuum 
you are. Once you figure out what you 
have, who owns what, and what security 
levels if any are in place, then you can 
start to figure out where your priorities 
are, which things do you need to focus on 


first, and soon. I think testing to establish 
the baseline is a good first step." 

Gwyn Fisher, CTO of Klocwork, 
expanded on the fact that many pro¬ 
grammers are still making the same 
easily avoided mistakes. 

'The reality is that while the media 
and the public in general focus on new 
and shiny exploits (e.g. a website 
divulging personal information), the 
security domain is still dominated by 
old, well-known weaknesses in imple¬ 


mentation (e.g. SQL injections) that 
allow a variety of well-documented 
attack patterns (e.g. spurious quotes, 
semicolons, logical clauses, etc.) to 
remain successful," he said. 

"So do you define a risk as an already 
exploited vulnerability, or is that as-yet 
unexploited weakness more or less of a 
risk than the one you know about? I n 
thinking about security risk manage¬ 
ment, you have to think about invest¬ 
ment leverage. By that I mean how 
much time and effort (and money, obvi¬ 
ously) are you going to spend locking 
down your network around a known set 
of attack patterns versus fixing the soft¬ 
ware to remove weaknesses. 

"A typical exploit reflects one expo¬ 
sure of an underlying weakness, as 
shown by exercising one particular 
attack pattern. That underlying weak¬ 
ness, however, might well exhibit tens 
or hundreds of vulnerabilities under 
pressure from a variety of different 
attack patterns. So fix the weakness and 
you've removed many times the risk 
from your environment and your users 
than simply blocking one exploit." 

F isher went on to say that the same 
set of problems (SQL injections, 
parameter reflection, header-splittings, 
and script injections) that have been 
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documented for more than a decade 
are the ones still leading the list of most 
frequently exploited weaknesses. 

"I t’s the same set that forms the core 
of the CWE Top 25, the same set that 
any two-minute Google search will give 
you more information on than you 
could possibly imagine," he said. "So is 
there a light at the end of this particu¬ 
larly repetitive tunnel? 

"I'm much more a fan of removing 
weakness than managing exploits, as I 
firmly take the stance that the invest¬ 
ment leverage gained from weakness- 
removal so vastly outweighs any 
time/effort/money put into exploits as to 
make the latter laughable. As a counter¬ 
point, however, and as was widely pub¬ 
lished in a study performed by one of our 
competitors several years back, the aver¬ 
age developer pays way more attention to 
a report of an identified exploit than they 
ever do to a report of a weakness, howev¬ 
er well-described in their code." 

Andy Chou, cofounder and chief sci¬ 
entist of Coverity, also spoke about the 
importance of code security, particularly 


in embedded applications. 

"E mbedded systems in general have 
particular vulnerabilities that they can be 
susceptible to," he said. "Often these sys¬ 
tems are written in C or C++, and they 
can have problems like buffer overflows 
and integer overflows that can ultimately 
lead to a vulnerability. And these types of 
defects in the software can be found and 
eliminated very, very early, almost as 
soon as the code is written. 

"The analogy I like to use is all the 
investment in things that can help you 
after you've had a heart attack versus all 
the things you can do to prevent a heart 
attack in the first place. People don't 
tend to pay attention to it until it gets 
pretty serious...but people don't tend to 
take a proactive approach unless they 
have a friend or relative that’s had a 
heart attack. 

"Static analysis tools can help find 
vulnerabilities earlier. Unfortunately, 
one of the problems with a lot of these 
tools is that if you have a lot of false pos¬ 
itives—like the tools that cry wolf too 
often and say there's a security vulnera¬ 
bility in all these thousands of places 


(but mostly they are not security vul¬ 
nerabilities)—then developers will just 
say, 'This is just a waste of time,' and 
they will tend to not use those tools. 

'The difficulty is not giving the devel¬ 
opers information; it's giving them just 
enough information that they feel they 
can actually address the issues early with¬ 
out impacting their other job, which is to 
get the product up and running. I think 
that's the real challenge because it takes 
time and energy away from other things 
the team has to deal with. Every develop¬ 
ment team I've ever seen is always 
under-resourced and overstretched just 
to deliver the functionality they're sup¬ 
posed to. That’s the reality of what devel¬ 
opment teams are really paid to do." 

Chou added that an additional prob¬ 
lem is that developers often don't have 
competency in security. "A lot of com¬ 
panies just don't have the people and 
technologies and processes that are rea¬ 
sonable for security. That's difficult to 
judge from the outside," he added. "So 
if you have people that don't know what 
they're doing, then it's very easy to mess 
up what you're doing for security in 
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development in particular. 

"A lot of developers in the past have 
not really considered security to be fun¬ 
damental. There have been some com¬ 
panies, like M icrosoft, that have tried to 
build new software develop¬ 
ment processes that put 
security fundamentally 
into the way that software 
is built, but that's some¬ 
thing that most companies 
just don't do. 

"I think that's eventually 
going to change. There are 
processes and testing and 
methodologies out there that do 
all that, but it's not very common." 

Security and the cloud 

And when it comes to developing cloud 
applications, there are whole new things 
to worry about when it comes to security. 
Carson Sweet, CEO of CloudPassage, 
talked about some of the security issues 
when developing for the cloud. 

"There is a huge amount of develop¬ 
ment in the cloud these days. We're see¬ 
ing a lot of instances where a business 



manager wants to get some sort of pres¬ 
ence in the cloud, so they go to their 
developer team or hire a developer and 
tell them to go set up a cloud server and 
write some applications. You have situa¬ 
tions where a develop¬ 
er is spinning up 
one of these cloud 
servers— it's very 
easy and simple to 
do since there's very 
little for them to deal 
with— and in no time you've got a 
server up there and you have data 
that may or may not be sanitized. 

"This is a very big problem 
because folks are using live data to 
do development work even though the 
virtual server has never been secured, it’s 
in the cloud and it’s never been locked 
down. I n an internal data center, we can 
get away with not really securing the 
server itself because we've got layers and 
layers of firewalls and intrusion detec¬ 
tion, and all these things that protect the 
servers behind it. Even though it's not 
the best practice, we can kind of get 
away without hardening the server. But 


with a server in the cloud, that's not the 
case. 

"You don't have the benefit of all 
those layers anymore," Sweet continued. 
"That means the server itself has to be 
self-defending because the default state 
of a server is extremely vulnerable. If 
you put a server out into the cloud, usu¬ 
ally it’s being attacked within 30 minutes. 
And if you don't harden the server, 
you've got a real problem. 

"So you end up with this application 
that, even if you're doing great applica¬ 
tion coding with all sorts of testing and 
doing all the things that good application 
developers do to secure the application, 
you're still building a castle on sand 
because the underlying server doesn’t 
have the protection it needs to keep from 
being compromised. This is a pretty huge 
problem. People are charging out with a 
bit of a cavalier attitude without thinking 
about how to protect the server itself." 

Further complicating the issue, 
Sweet said, is the fact that in the cloud, 
your own IT department doesn't con¬ 
trol the environment. H e recommend- 

continued on page 79 ► 
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ed finding out what a cloud provider 
will do in terms of security under its 
hosting agreement. 

'There is usually a very clear demar¬ 
cation between what a cloud provider 
will do and what they won’t, and they 
are very open about it. It's called a 
shared responsibility model, and essen¬ 
tially the provider will deal with securi¬ 
ty up to the point where they hand the 
keys to that virtual machine off to the 
user, and then it's up to them. 

"The analogy I use is that it's like an 


apartment building. The manager of the 
building will provide security for the 
grounds, the common areas, the eleva¬ 
tors, etc., but once they hand you the 
keys to the apartment, the rest is up to 
you. They don’t know what you're going 
to do with that key, how many copies you 
make, who you give them to, or where 
you hide them. They can't do everything 
for you. So users need to understand that 
there is a shared responsibility." 

The difference between keeping data 
behind a firewall and in the cloud is like 
the difference between a castle, with 
walls around it and a single gate, and a 
village, where people can get in from sev¬ 
eral directions, according to Sweet. 

"We're beginning to see more of a 
hybrid model where a company may 
offer colocation of data in hardened 
servers somewhere where mission-crit¬ 
ical data can be encrypted and stored, 
and they are using the more elastic 
qualities of the cloud to provide a front 
end to those servers," he said. "So a 
company can deploy their Web servers 
in a cloud environment, but their data 
is in a more secure place." 

Another problem Sweet pointed out 
is that in the cloud, practically all the 
servers are virtual machines, so soft¬ 


ware encryption by definition is slower 
than hardware encryption. "H ow do we 
build encryption software that is strong 
enough and fast enough to run in a vir¬ 
tual machine? That problem hasn’t 
been solved yet," he said. 

"And even if you encrypt sensitive 
data, you have to remember that as that 
software gets faster, so do the hacker's 
machines. Let's say you are a hacker 
that wants to run some massive attack 
requiring a lot of computing power. 
Why not pick a number of soft targets 
like virtual servers in the cloud that are 


not typically hardened the same as 
servers in a data center and use those 
servers to do your computations? That's 
what the cloud was designed for: mas¬ 
sively parallel computation. 

"You have to make security a cost of 
doing business," Sweet aid. 'That's not 
necessarily a developer thing, but if you 
don't make security a priority and bite 
the bullet, then you are putting yourself 
at risk. And it's an ongoing thing. Even 
security measures have a life cycle, and 
they need to be monitored and updated." 

It's an attitude problem 

Mano Paul from I SC2's Application 
Security Advisory Board (www.isc2.org) 
echoed many of those points. 

'There are three primary trends tak¬ 
ing place these days. One: H ackers are 
beginning to attack the application lay¬ 
er. A few years ago, hackers would 
attack companies because it was cool, 
they could bring down websites, maybe 
launch denial-of-service attacks, or 
cause some disruption to the business. 
But now they are doing it not to be cool 
but because of the tremendous amount 
of money that's out there. 

"H aving said that, we're also seeing a 
new type of hacker profile like with 


Anonymous and LulzSec where it may 
not be simply cash they are after. They 
have a cause. So I like to say the hack¬ 
ers have moved from cool to cash to 
cause. In terms of the challenges, the 
hackers always have the advantage, and 
we need to keep up with this game. 

'The biggest problem we see with 
companies is an attitude problem. 'It 
hasn't happened to us, so we must be 
okay.' But when the breach happens, it's 
too late in the game. In the whole 
approach to security— particularly soft¬ 
ware security, which is the majority of 
the business these days—only recently 
are we beginning to see companies be 
more proactive." 

As software grows more complex, 
with layer upon layer of software, frame¬ 
works, APIs, and third-party software, 
organizations have the problem of count¬ 
ing on services and data that no longer 
are under their direct control. "We used 
to have the benefit of knowing some¬ 
thing about the APIs and systems we 
were purchasing, but now we're buying 
sub-systems to the systems, like Dev- 
Force or VM Systems," said Paul. "We 
don’t even know what they are doing. 
They are bit like a black box for us. 

'The challenge most companies face 
is they have to be secure, but they don’t 
fully understand the complexity of the 
security issues they have. N ot that I want 
to try and motivate through fear, uncer¬ 
tainty and doubt, but the way that com¬ 
panies need to start looking at this prob¬ 
lem is if they need to get ahead of the 
game. They can no longer have a myopic 
perspective on security itself. And what I 
mean by myopic is they do a little bit of 
this and a little bit of that—for example 
putting up a firewall and leaving it at 
that— as opposed to looking at security as 
the software gets built, right from the 
requirements down to the point of 
release and eventually retirement, which 
is what the I SC certification is all about. 

"Today, the maximum bang for the 
buck will come from having educated 
and trained personnel or resources that 
can build secure applications, to run on 
secure hosts within secure networks 
because it’s not just an application 
issue, it is a host and network problem 
as well."I 




'Companies with thousands of 
applications realize that they 
have to protect their entire 

inventory.' —Chris Wysopal, Vera code 
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BY LARRY O'BRIEN 


Have you a compunction for junctions? 


W riting code is the primary activity of software 
development. Writing the right code, code 
that delivers customer value, is the hard part. But 
right or wrong, the main thing that developers do 
is work in an editor, transforming inputs to outputs. 

For more than a decade, most mainstream 
developers have done their work guided by the 
concepts of object orientation, which says that pro¬ 
grams should be structured in a way that mirrors 
real-world objects. The fundamental concept of an 
"object" is a software module that combines the 
functions that operate on data and the data itself, 
creating an object instance for a customer. 

This is so ingrained that it may seem natural to 
those who have known no other way, but 25 years 
ago, it seemed an academic theory with dubious 
benefits. Object orientation sometimes seemed like 
so much mumbo-jumbo, and other times it seemed 
like it was belaboring well-known principles. 

But object orientation has become the norm. Its 
dominance is, in my opinion, as much a matter of 
happy coincidences as any inherent virtue; its uptake 
in the industry was largely driven by promises of 
code reuse that were never achieved, and an acci¬ 
dental association with GUI programming, which 
caused a wholesale reset of development techniques. 

Today, we are in a similar situation with function¬ 
al programming. It will not replace object-oriented 
programming in the way that OOP replaced struc¬ 
tural programming. Rather, functional programming 
approaches will become ever more common. 

I say "functional programming approaches" 
because what I mean is not the "pure functional" 
theory-driven model. Rather, from a pragmatic 
point of view, if you compare code written a 
decade ago with code written today, you'll see 
today’s code has less internal state and more con- 
text-carrying arguments, and you’ll see yesterday’s 
code using object-structural techniques where 
today's developers would use first-class functions. 

There are two reasons for this change: One sim¬ 
ply being that popular languages such asj avaScript 
and C# provide functions as first-class types; but 
more important is the rise in unit testing as a per¬ 
vasive discipline in the industry. Functional pro¬ 
gramming says that the proper role of a function is 
the transformation of a single input into a single 
output. 


Such functions are the easiest to unit-test. F unc¬ 
tions that take several different parameters, or are 
complex monolithic objects, or that squirrel away the 
results of their calculations, simply require more leg- 
work to test. Programmers have slowly been adopt¬ 
ing functional forms without knowing or caring that 
these forms are "more functionally oriented." 

The guardians of the functional programming 
gates will bristle at these statements. Functional pro¬ 
gramming, strict type systems, and category theory 
are the bread, butter and champagne of the academ¬ 
ic computer-science world. I t's not the ease of testing 
that’s important; it's the ability to curry recursive 
functions without named values. 

Concurrency is to functional programming 
what the GUI was to OOP. The M anycore E ra is 
upon us, and developers are beginning to wake up 
to the fact that shared common state is even hard¬ 
er to deal with than manually 
managed memory. Unfortunate¬ 
ly, the structural model for OOP 
is shared common state! Objects 
are conceived of as separate indi¬ 
viduals in memory, but in the 
mainstream languages, they are 
not isolated from different 
threads, and they are free to create, block, and stop 
their own threads. This way lies madness. 

F unctional programming says that the output of 
a function should be fully determined by its inputs 
(not 0 0 P's "i n puts p I us the cu rrent obj ect's state"). 
Thisisafundamental advantagein reasoning about 
how functions can be distributed and parallelized. 
Writers have perhaps overemphasized this to cre¬ 
ate the common belief that functional program¬ 
ming "solves" concurrency. It doesn't, at least not 
outside of the airiest pure-functional realms. 

"OOP is the natural model for programming 
GUIs" was an overstatement that turned into a self- 
fulfilling prophecy, and "Functional is the natural 
model for programming concurrency" seems to have 
similarly taken root. J ust as GUI s forced the entire 
industry to retrain itself, so too will manycore. J ust as 
the purity of Smalltalk led to the pragmatic adoption 
of C++ and Java, the purity of FI askell is leading to 
the uptake of more pragmatic languages. 

I t’s time to dust off a phrase we all grew sick of 
20 years ago: I t's time for a paradigm shift. I 
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Developers are waking up to 
the fact that shared common 
state is harder to handle than 
manually managed memory. 
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BY DANIEL BURRUS 

Virtualization: The hot trend you can 


T he use of virtualization and cloud computing 
is growing quickly among companies of all 
sizes. Currently, 30% of servers are virtualized, 
and surveys show that by 2012, that number will 
grow to 50%. 

Virtualization and cloud computing go hand 
in hand, and virtualizing servers is just the tip of 
the iceberg. The trend to virtualize everything 
from servers to processing power to software 
offerings actually started years ago in the person¬ 
al sector. 

Recently, it was common for individuals within 
major organizations to use virtualized services or 
cloud computing when at home, but at work they 
weren't using those services at all. Why? Because 
corporate IT didn't trust the lack of security of the 
cloud, and they weren't sure it was a hard trend- 
something that was definitely here to stay. Today, 
we know better. 

I n order to fully understand how virtualization 
and cloud computing will transform the business 
world, let's first look at the evolution of these 
capabilities. 

Cloud computing 

When talking about virtualization, cloud comput¬ 
ing is a natural component. Cloud computing, 
which refers to companies using remote servers 
that can store data and allow users to access infor¬ 
mation from anywhere, takes three different evolu¬ 
tionary forms. 

The first is a public cloud. This could be some¬ 
thing like G oogle D ocs, where you store your data, 
or something like Flicker, where you store your 
photos. Basically, you're storing files somewhere 
else other than your hard drive, and in a place 
where you can access the items from any device at 
any time as long as you have an I nternet connec¬ 
tion. 

The second form of cloud computing, which is 
a private cloud, is emerging rapidly. A private 
cloud exists when a company wants added securi¬ 
ty with cloud computing, yet still wants its people 
to have access to their bigger files and bigger data¬ 
bases from any device anywhere. Since it's private, 
it's secure and the public does not have access to 
it. Companies are now beginning to establish pri¬ 
vate clouds. 


The third iteration that is part of the evolution 
of cloud computing is the private/public cloud— 
also called a hybrid cloud. In this configuration, 
you have a private part of your corporate cloud that 
is secure and only accessible by employees, but you 
also have a part of the cloud that is public where 
strategic partners, vendors, and customers can 
access limited content. 

Virtualization 

Virtualization can take many forms aside from 
servers. For example, you can virtualize a desk¬ 
top, meaning your desktop is stored virtually in 
the clouds and you can access it from anywhere. 
You can virtualize your operating system. That 
means you can be using a M ac yet running the 
latest Windows operating system, or you can 
have a PC and have three different operating sys¬ 
tems running at the same time. That's the power 
of virtualization. 

Another element of virtualization is software-as- 
a-service (SaaS). Decades ago, we started with 
software that we had to buy, install, maintain and 
update. Thanks to SaaS, the software is in the 
clouds, so you no longer buy it; you simply buy 
time to use it. It's a cost-effective way for compa¬ 
nies of all sizes to have access to enterprise-level 
software. 

Similarly, we're also starting to see virtualized 
processing power. Think of this as accessing a 
supercomputer in the clouds and having that 
supercomputer's processing power available on 
your smartphone or tablet. 

I n F ebruary 2011, the game show "J eopardy" 
featured IBM's supercomputer Watson against 
human contestants. Watson beat the humans quite 
well because it knew what it was good at and it 
focused on those categories. With virtualized pro¬ 
cessing power, you're basically getting a Watson on 
your phone. That means you and your employees 
can make informed decisions about many things, 
very quickly. 

One of the ways Watson has been used since 
"Jeopardy" is looking at M RI scans. When Watson 
reviews an M Rl scan, it can detect anomalies and 
see things a human doctor can't see. Watson can 
also analyze many variables in an effort to help the 
human doctor make a better diagnosis faster. It's 
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no longer ignore 

about allowing professionals rapid access to vast 
amounts of information and knowledge that, in 
turn, allows them to work faster and smarter than 
ever before. 

Healthcare is just one example. Could people 
who do sales, R&D, purchasing, delivery, sourc¬ 
ing, shipping, accounting, and a host of other 
functions benefit from a Watson-like supercom¬ 
puter in the palm of their hand? Yes. Could it 
make them work smarter, better and more effec¬ 
tive? M ost definitely! 

The game changer 

Part of this evolution of virtualization and cloud 
computing is that we can now virtualize various 
components of IT. And in the near future, we'll 
start seeing IT-as-a-service (much like how SaaS 
became popular). This means that much of the IT 
department will be virtualized and running in the 
cloud. 

The benefits of IT-as-a-service are immense. 
Not only will it save you money, but it will also 
increase your speed and agility. Since your servers 
aren't being used 100% all the time, the efficiency 
varies. With IT-as-a-service, a company will be able 
to scale in real time as demand dictates by the 
nanosecond. As sales increase, the system will 
instantly self-configure. As sales decrease, it does 
the same. N ow you're only paying for what you're 
using. 

In this case, you'll be able to benefit from 
dynamic resource allocation, so you're able to max¬ 
imize what you have and what you're paying for at 
all times. 

IT-as-a-service is a game changer. Because you 
now have components of the IT department exist- 
ing in the cloud, you are freeing your in-house IT 
staff to shift from a tedious maintenance mode to 
a dynamic innovation mode. As such, your IT 
department can now focus on achieving business 
goals, creating innovative solutions, and driving 
sales rather than upgrading individual users' 
installations and firefighting everyday problems. It 
will allow the IT department to really look at the 
industry trends unfolding before them, so your 
company can give customers the products and 
services they'd ask for, if they only knew what was 
possible. 


It's time to V-enable the organization 

In terms of implementing virtualization and 
cloud-computing options, organizations are now 
starting to move quickly. Virtualization received 
a big push in 2009 and 2010 because of the reces¬ 
sion, which prompted many companies to cut 
their IT budgets. Companies realized that one 
way to save money is through virtualization. 
For example, virtual desktops alone lower costs 
by 15%. 

N ow, the factors that are increasing an organiza¬ 
tion's interest in virtualization are speed and agili¬ 
ty. Virtualization enables you to do things faster, 
thus making your company more agile. I nstead of 
delivering a new service in two months, companies 
are able to do it in two days. 

As virtualization and cloud computing become 
more prevalent, companies are 
going to need to form new 
strategic relationships because 
existing relationships may not 
have the core competencies 
needed to drive the fundamen¬ 
tal changes that will be needed. 

At this point, it would be good 
to ask yourself if you have the relationships you 
need to move forward given this shift. Do your 
current strategic relationships understand the 
shifts taking place, and are they embracing the 
things you know will happen? 

Realize, too, that the wrong question to ask is, 
"What should we buy?" Rather, you have to look at 
the bigger picture of what you're trying to accom¬ 
plish in this transformational time. How can you 
use virtualization and cloud computing as game 
changers for your company based on where it’s 
evolving? The key is to understand the new capa¬ 
bilities, because in order to know what to buy or 
what to do, you first have to know what is possible. 

2011 has become the year when most have 
begun sticking their toes in the waters of virtualiza¬ 
tion and cloud computing. It's the year organiza¬ 
tions realize this isn't a fad that's going to fade. Vir¬ 
tualization and the cloud are hard trends that 
provide transformational opportunities and will 
continue to rapidly evolve. The time to embrace 
this trend is now. I 


Because components of the 
IT department exist in the 
cloud, IT staff can shift from 
maintenance to innovation. 
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platform — Windows, Mac, or Linux! 
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VMware vSphere 5 
Essentials Kit 

VMware vSphere is the industry-leading 
virtualization platform for building cloud 
infrastructures that enables users to run 
business critical applications with 
confidence and respond faster to 
their business. 

vSphere accelerates the shift to cloud 
computing for existing datacenters, while 
also underpinning compatible public cloud 
offerings paving the way for the only 
hybrid cloud model. With over 250,000 
customers worldwide and the support of 
over 2500 applications from more than 
1400ISV partners, VMware vSphere is 
the trusted platform for any application. 
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Lenovo ThinkPad X220 

by Lenovo 

The ThinkPad X220 features the quality 
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as a multimedia and communications 
tools in business. The ultra-portable 
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Reshape your sourcing strategy 

R 


|egularly revisiting your application sourcing 
k strategy is a must to ensure that you are 
employing the right strategy for each business area: 
on one side paying attention to modify your strategy 
as different capabilities become commoditized, but 
likewise modifying your approach for the "differenti¬ 
ating" and "highly innovating" business applications. 

D istinguish software that makes a difference 
from commodity processes and capabilities. 
Conventional wisdom suggests buying before build¬ 
ing software. But as an increasing proportion of 
product and service value goes digital, there is a 
much greater scope for a firm’s application develop¬ 
ment professionals to build competitive digital dif¬ 
ferentiation into its offering. When determining 
which parts should get what sort of treatment, app 
delivery leaders should consider such factors as the 
nature of the process to support, available technolo¬ 
gies, IT archetypes, the rate of product- or service¬ 
offering innovation, the proportion of digital content 
in the product offering, and channel innovation. 

The secret to releasing resources for digital dif¬ 
ferentiation lies in standardizing the support for 
commoditized or non-differentiating processes: 
centralizing and virtualizing their management and 
support, and outsourcing them when feasible to 
free resources to invest in innovation. Two main 
options can serve this purpose: deploying packaged 
software with minimal customization to minimize 
costs, or making SaaS part of your strategy for both 
commodity processes and innovation. 

Optimize a sourcing strategy to drive inno¬ 
vation for software that makes a difference. To 
provide differentiating solutions at a pace that 
matches volatile business requirements, application 
delivery professionals must focus on where they can 
add the most value. Smart application delivery lead¬ 
ers should consider how to focus in-house resources 
on high-value tasks such as requirements, design and 
testing, while turning to partners for other work. I n 
pursuing this innovation strategy: 

• Optimize talent sourcing to build competencies 
that contribute to differentiation. First, determine 
roles you must invest in to build the talent required 
by your differentiating software projects. Key roles 
becoming more important today include business 
analysts, product managers, designers (of both user 
experience and architecture), and quality managers. 


When deciding where to focus innovation invest¬ 
ments, you should also build talent in the technolo¬ 
gy areas you consider crucial. F or each role or skill, 
map the mix you aim to achieve across the different 
options: building talent internally, using staff aug¬ 
mentation, or exploring other sourcing options. 

• Work with sourcing pros to create strategic part¬ 
nerships to balance staff augmentation. You should 
build a sourcing framework that will supply the tal¬ 
ent you need on a sustainable basis. As part of your 
working relationship with your colleagues in sourc¬ 
ing and vendor management, provide them with the 
map of crucial roles and skills. F or each role or skill, 
identify the locations and quantities of resources you 
want, along with their costs. Your sourcing col¬ 
leagues will help you define contracts with proper 
terms and conditions, define a request for a propos¬ 
al process, select the panel of partners, and manage 
the life cycle of each relationship. 

• M ake user experience a key 
element of your innovation talent 
strategy. Application delivery 
teams can build competency in 
user experience. Several clients 
cite user experience talent, espe¬ 
cially for mobile, as one of the 

skills they are ramping up internally instead of 
relying on outside agencies—in part because of 
mixed results from them. 

• I nnovate within your delivery processes to deliver 
more customer value more quickly. People play a 
crucial role in innovation, but you must establish the 
right organizational and process context to maximize 
your teams’ chances of success. A majority of innova¬ 
tive firms we studied are relatively mature in their 
adoption of lean and agile practices. 

F orrester's research on software innovation, agile 
adoption, customer experience, and high-perform¬ 
ance teams all points to a set of practices that are 
typical of firms that are most effective in driving 
innovation. Talent sourcing is one of the most 
important of these practices. Whether it's through 
creating a culture of excellence that makes your 
shop a destination that developers around the world 
would love to reach, or through adopting a sophisti¬ 
cated approach to skills that builds talent from 
around the world, all innovators excel at ensuring a 
good supply of the best people. I 
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You must establish the right 
organizational and process 
context to maximize your 
teams' chances of success. 
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Microsoft's Windows 8 mysteries 
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All this secrecy leads this 
observer to believe that 
Microsoft doesn't yet have 
the answers. 


ever in my recollection has so much—and so 
little—been shared at a technology confer¬ 
ence. ButM icrosoft managed to pull off the dubious 
feat at the recent BUILD Conference in Anaheim. 

(For the sake of disclosure, I was not in atten¬ 
dance; what follows was gleaned from multiple dis¬ 
cussions and interviews with folks who were on site.) 

It began in the run-up to the event, asM icrosoft 
put the clamps on corporate lips, leaving many in 
the industry to try to piece together what Windows 
8 would and would not support, what the future 
held for Silverlight, XAM L and the .NET Frame¬ 
work, and what the new development stack would 
look like. 

Then came BUILD, and 
developers were handed a tablet 
running the new operating sys¬ 
tem with the Metro styling and 
touch capability, and attendees 
raved. New toys will do that to 
people. D evelopers couldn't wait 
to go to sessions to learn more, then to scurry back 
to their hotel rooms to play with the tablets and see 
what made them tick. 

In keynotes, Microsoft executives laid out a 
vision for the future of development. U se your exist¬ 
ing skill sets in the development tools you already 
own, and now you'll target 450 million Windows 
users with your applications. Not desktop users, or 
tablet users, or phone users, but all of them. 

N ow BUIL D is over, and M icrosoft again seems 
to have put a gag order on its field people, telling 
them they cannot discuss any of the things that 
were unveiled at the conference. Why? 

H ere is a brief list of things M icrosoft should be 
discussing: 

Silverlight M icrosoft didn’t say it's dead, but it 
didn't say it's alive either. I n fact, M icrosoft didn't 
say anything at all about Silverlight. That's a shame, 


because for now, Silverlight remains the only tool 
in the M icrosoft arsenal that enables rich I nternet 
applications to run cross-platform. With 
HTM L5/CSS/Winj S, "as soon as you develop 
against the WinRT stack, you're tied to Windows 8. 
You can't lift it out and plug it into a browser," 
explained Scott Lock of Excella Consulting. 

C& M ost of the keynote demos were written in 
C/C++, apparently the preferred language of the 
Windows 8 team. But, as Lock pointed out, if the 
majority of the people at the conference are C# 
developers, and most of the demos are in C/C++, 
what message is M icrosoft sending? 

X86 vs. ARM: F irst, developers were told that 
x86 applications would not run on the ARM chips, 
then word was that they would run on the chip. 
Then, another about-face occurred, and again, 
developers were told they would not run on the 
chip. N ow, the last word is that they will. D evelop¬ 
ers deserve a straight answer on this. 

XAML: M icrosoft kept referring to XAM L as 
"Microsoft XAML” at BUILD, and positioned it 
almost as a proxy layer atop Windows RunTime. 
Clarification would be good. 

These are but a few questions that emerged after 
the early look at Windows 8. Other questions 
involve moving Silverlight applications to Metro. 
During a demo, a Microsoft exec said he could 
change but two lines of code in the XAM L-based 
Silverlight app to run it with the M etro styling. "A 
lot of folkssaid, ‘Yeah, I don't know about that.'That 
looked like some kind of demo magic," Lock said. 

M icrosoft is excellent at marketing. It paints a 
grandiose picture of the future of development and 
offers up a bunch of cool demos. But all this secrecy 
leads some, including this observer, to believe that 
Microsoft doesn’t yet have the answers. Lock 
summed it up this way: "All thisgivesthe impression 
that it's not all worked out yet." I 
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DATE 

SHOW 

CITY 

SPONSOR 

LINK 

Oct. 17-19 

Web 2.0 Summit 

San Francisco 

O'Reilly Media 

www.web2summit.com 

Oct. 17-20 

Zend PHP Conf. 

Santa Clara 

S&S Media 

www.zendcon.com 

Oct. 18-20 

BlackBerry Developer Conf. 

San Francisco 

RIM 

www.blackberrydevcon.com 

Oct. 24-26 

Business of Software 

Boston 

Redgate 

businessofsoftware.org 

Nov. 6-9 

AnDevCon II 

San Francisco 

BZ Media 

www.andevcon.com 


For a more complete calendar of U.S. software development events, see www.sdtimes.com/calendar. Information is subject to change. Send news about upcoming events to events@bzmedia.com. 
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SPTechCon 

The SharePoint 
Technology Conference 


Feb. 26 - 29,2012 -> San Francisco 


Downtown 
Location! 

San Francisco 
Hilton 

Check out more than 
55 exhibitors! 



Choose from over 
AA Classes 

Workshops! 


Learn from the most experienced 
SharePoint experts in the industry! 


“Great content and speakers.” 

—Dan Stolts, IT Pro Evangelist, Microsoft 

“This was the first time I attended the conference 
and am very happy to have done so. I will be 
attending future events. The topics and content 
were excellent and exactly what I was looking for.” 

—April Heimerl, SharePoint Admin, UnitedHealth Group 

“Great place to get a lot of knowledge in a short 
period of time." 

—Lola Flippo, Sr. Business Solutions Architect, Medseek 


A BZ Media Event 


A Supplement to SD Times 


www.sptechcon.com 
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We expect more than 
55 companies to exhibit. 

Check 

www.sptechcon.com 
for updates! 


EXHIBIT HALL HOURS 

11:00 am - 6:45 pm Tuesday 
10:00 am - 2:00 pm Wednesday 


From the Chairman 

Make the Most of SharePoint 


Dear SharePoint Professional: 

We’d like to welcome you to 
SPTechCon: The SharePoint Technolo¬ 
gy Conference, here in beautiful, 
historic downtown San Francisco. 

Aside from the new location, the first 
thing you’ll probably notice about this 
year’s conference is that we’ve 
expanded it to four days, to give you 
more classes to choose from, more 
time to engage with speakers and 
colleagues, and more time to enjoy “The City 
by the Bay.” 

The first day is our pre-conference workshop 
day, where you can take a deep dive into 
SharePoint from your point of view as a devel¬ 
oper, admin or end user, for example. Then, for 
the next three days, you can immerse yourself 
in SharePoint by choosing the courses you’re 
interested in from among the more than 80 
sessions we’re offering. After all the hard work 
is done, relax during our “Lightning Talks” and 
hear from our speakers and other third-party 
experts in rapid-fire, highly targeted talks. 

You might even win a prize! 

On Monday, SharePoint911's Todd Klindt and 
Shane Young will kick things off with an opening 
keynote. We know you'll enjoy this session from 
the unofficial “Clown Princes of SharePoint.” 

Tuesday kicks off with a Microsoft keynote, and 
the opening of the exhibit hall floor, where we 
expect more than 50 third-party software sup¬ 
pliers to be demo’ing the tools that extend 


SharePoint and add on critical func¬ 
tionality. There’s our famous ice 
cream social in the afternoon, and a 
welcoming reception on the exhibit 
hall floor later that evening. 

While you’re here, you’ll have plenty 
of opportunities to hang out with our 
faculty members — Microsoft MVPs 
and some of the brightest consult¬ 
ants working in the field today. And 
they’ll be around for the duration, 
available to answer your questions and even to 
engage in brief discussions during the breaks 
between sessions. Also, our staff is always 
available and happy to give you materials you 
need and to help you navigate around the 
conference to find the classes you’re most 
interested in. 

And on Wednesday, the Winner’s Circle returns 
to the exhibit hall floor, where our sponsors will 
be giving out some great swag for stopping by 
their booths. 

So get ready to take your SharePoint skills to 
new heights. We’re working hard to make this 
the best SharePoint conference there is. And 
we’re very glad you’re here to help make it so! 



David Rubinstein 
Conference Chairman 



David Rubinstein 

Conference Chairman 


Get the SPTechCon Conference App! 


Classes, workshops, the entire conference 
schedule and more are now in the palm of your 
hand! Install the free EventBoard application 
onto your Windows Phone, iPhone/iPad or 
Android device, and then choose SPTechCon 
from within the app to access tons of confer¬ 
ence information. Also use 
the app to help make 
SPTechCon better with 
instant feedback on sessions 
and speakers! 



Features: 

• Examine the schedule for classes, workshops, 
keynotes and more 

• Reference detailed descriptions of sessions 
and speakers 

• Build a personal SPTechCon schedule 

• Provide feedback on sessions and speakers 
The app is available for download and will 
continually be updated until the conference! 
Download it today at 
eventboardmobile.com/download.html 


Need approval from your boss 
to go to SPTechCon? 

See our website for tips on how to get approval 
to attend, and download a sample letter you can 
fill out and give to your boss! 



Follow us at twitter.com/SPTechCon 

















Event Schedule 


Saturday, February 25 


4:30 pm - 7:00 pm 

Pre-Registration Open 

Sunday, February 26 

7:30 am - 7:00 pm 

Registration Open 

8:00 am - 9:00 am 

Continental Breakfast 

9:00 am - 4:30 pm 

Pre-Conference Workshops 

Monday, February 27 

7:30 am - 6:30 pm 

Registration Open 

7:30 am - 8:45 am 

Continental Breakfast 

8:45 am - 9:00 am 

Welcome 

9:00 am - 10:00 am 

Keynote 

10:00 am - 10:15 am 

Coffee Break 

10:15 am - 12:30 pm 

Technical Classes 

12:30 pm - 1:30 pm 

Lunch Break 

1:45 pm - 3:00 pm 

Technical Classes 

3:00 pm - 3:15 pm 

Coffee Break 

3:15 pm - 4:30 pm 

Technical Classes 

4:45 pm - 6:15 pm 

Lightning Talks 

Tuesday, February 28 

7:30 am - 6:45 pm 

Registration Open 

7:30 am - 8:30 am 

Continental Breakfast 

8:30 am - 9:45 am 

Technical Classes 

10:00 am - 11:00 am 

Microsoft Keynote 

11:00 am - 11:30 am 

Coffee Break 

11:00 am - 6:45 pm 

Exhibit Hall Open 

11:30 am - 12:45 pm 

Technical Classes 

12:45 pm - 1:45 pm 

Lunch Break 

2:00 pm - 3:15 pm 

Technical Classes 

3:15 pm - 3:45 pm 

Coffee, Ice Cream - Exhibit Hall 

3:45 pm - 5:00 pm 

Technical Classes 

5:00pm - 6:45 pm 

Attendee Reception - Exhibit Hall 

Wednesday, February 29 

7:45 am - 4:30 pm 

Registration Open 

7:45 am - 8:45 am 

Continental Breakfast 

8:45 am - 10:00 am 

Technical Classes 

10:00 am - 10:45 am 

Coffee Break - Exhibit Hall 

10:00 am - 2:00 pm 

Exhibit Hall Open 

10:45 am - 12:00 pm 

Technical Classes 

12:00 pm - 1:00 pm 

Lunch 

1:30 pm - 2:00 pm 

Dessert, Winner’s Circle - Exhibit Hall 

2:00 pm - 3:15 pm 

Technical Classes 

3:15 pm - 3:30 pm 

Coffee Break 

3:30 pm - 4:45 pm 

Technical Classes 

4:45 pm 

Conference Closes 



“I’ve attended many conferences and none, until SPTechCon, 
have matched my experiences at those conferences. 

I thought it was THAT good! Go! It's worth your time! 

You will meet fantastic people and world-class speakers.” 

—Keith Budurka, IT Director, Infrastructure, Benco Dental Company 



“The best conference I ever attended.” 

—Antonio Andrade, IT Internet Programmer, Holland & Knight 


“It’s a great event to attend, whether you are a power user 
or SharePoint expert.” 

—Jason Goodman, Newtork Admin, Finley & Cook, PLLC 



“It’s a fantastic opportunity to learn and connect.” 

—Kim Frehe, Business Systems Specialist, Accenture 


“You’ll have the opportunity to be exposed to new 
technologies and have great interactions with vendors. 
The conference was run very well.” 

—John Celusak, Desktop Support Specialist, NECA 
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Here’s a snapshot of some of the great classes that will be offered at 
SPTechCon San Francisco. More sessions from the smartest SharePoint 
experts will be offered at the conference. Check www.sptechcon.com for 
updates and the most current information. 


Technical Classes 


Session Levels 

Overview: No previous knowledge of the class’ 
subject is required, and the sessions will be a 
high-level introduction of the topic. 

Intermediate: These broad technology sessions 
emphasize capabilities and how things work. As 
appropriate, the instructor will show examples. 

Advanced: These sessions teach attendees 
how to implement a solution. As appropriate, the 
instructor will include detailed samples. 

Topic Areas 

Developer Essentials: These technical 
classes and workshops are geared to software 
developers looking to write custom applications, 
or to extend out-of-the-box functionality. Topics 
include branding, BDC/BCS, Client Object Model 
and more. 

IT Pro Essentials: These technical classes and 
workshops cover topics specific to setting up 
and managing SharePoint Server, including 
permissions, farm architecture, integrations, 
storage and virtualization, among others. 

Line of Business Essentials: These sessions 
are geared to business users who are looking to 
SharePoint for document management, search, 
and reporting, as well as working with lists, 
libraries and forms. Also, power users looking to 
create their own simple SharePoint applications 
or manipulate metadata and content would 
benefit from these classes. 

Architecture Essentials: These classes and 
workshops are aimed at business, software 
and IT architects, and address topics such as 
workflow, governance, search, metadata and 
taxonomy, and content types. 


“Great energy, content, knowledge.” 

— Dennis Nason, Systems Admin, 

Town of Scarborough, Maine 



Overview 

Build It and They Will Come: 
SharePoint 2010 User Adoption 
Scott Jamison 

Do you believe in SharePoint, but feel your hard 
work is not understood or appreciated? Do you 
see the value SharePoint can deliver, but feel your 
investment is wasted? If so, join this session to 
learn real-world strategies and best practices for 
driving end-user understanding, appreciation and 
adoption. This session will walk IT pros and deci¬ 
sion makers through common end-user adoption 
situations, and teach them how to turn naysayers 
and silent voices into believers! 

Level: Overview 

Audience: IT Pro Essentials, Line of Business Essentials 

Delivering Better Business Outcomes 
with SharePoint Technologies 
Dave Healy 

SharePoint’s rich technology set and robust capa¬ 
bilities make it the perfect tool set for organizing, 
integrating and automating business processes 
and systems to drive improved organizational per¬ 
formance. Yet it remains poorly understood and 
significantly underutilized as an enabler of busi¬ 
ness strategy, value creation and ongoing process 
improvement. 

Through a number of real-world case studies, 
this session will demonstrate a consistent, compre¬ 
hensive and repeatable approach to driving process 
improvement with SharePoint technologies. You will 
learn how to: 

• Prioritize goals and objectives 

• Identify key process and technology enablers 

• Select appropriate improvement techniques 

• Define a corresponding SharePoint technology 
strategy. 

This session is appropriate for SharePoint 2007 
and SharePoint 2010. 

Level: Overview 

Audience: Line of Business Essentials 

Getting the Most out of 
SharePoint Search 
John Ross 

SharePoint Search is often one of the easiest 
areas to see immediate ROI from SharePoint. 
Although it works well out of the box, the key to 
unlocking the potential of SharePoint Search starts 
with understanding how it works. In this session, 
well discuss the different factors that determine 
relevancy in SharePoint and how to use them to 
make sure users are finding the content they are 
looking for. This session is designed for all users 
who want to get a better understanding about 


SharePoint Search, and to learn techniques that 
don’t require any code to create a better search 
strategy for their organization. 

Level: Overview 

Audience: Architecture Essentials, Line of Business 
Essentials 

Governance Best Practices in 
SharePoint 2010 
Scott Jamison 

Without proper governance, even the best-inten- 
tioned SharePoint deployment can go wrong. Do 
you want to learn how to create an effective gov¬ 
ernance plan? Would you like to understand the 
impact of key changes such as social features and 
solution development changes on your planning 
process? If so, join us for a timely discussion 
around planning your SharePoint 2010 deployment 
through the use of governance best practices. 
Level: Overview 

Audience: Line of Business Essentials 

How to Be a SharePoint Developer 

Andrew Connell 

So you’re a developer, and you’ve heard about this 
SharePoint thing and want to jump on the band¬ 
wagon? This is the session for you. Here you’ll 
learn about the various options you have in setting 
up a SharePoint development environment. Then 
we’ll explore the developer tools and build a few 
common features. Finally, you’ll learn the best 
places to go to get information and help going for¬ 
ward, including books, classes and online forums. 
Level: Overview 

Audience: Developer Essentials 

Introduction to SharePoint Designer 
2010 Workflow 
Chris Beckett 

SharePoint Designer 2010 brings a new level of 
usability and functionality to building workflows in 
SharePoint. This session will introduce the essen¬ 
tials of designing and building workflows with 
SharePoint Designer 2010 and customizing work- 
flow forms using InfoPath 2010. 

Level: Overview 

Audience: Architecture Essentials, Line of Business 
Essentials 

Leveraging the Business Intelligence 
Features in SharePoint 2010 
Ted Pattison 

This session provides a general overview of the 
Business Intelligence features built into the enter¬ 
prise version of SharePoint Server 2010. You will 
learn about the individual components and 


Check the website for the class schedule and MORE NEW Classes! 













services, including the Business Intelligence 
Center site template, the Charting Web Part, Excel 
Services and Performance Point Services, as well 
as the SharePoint 2010 integration support for 
SQL Server Reporting Services. The session will 
also describe how all these pieces fit together and 
how they can be used to build Bl solutions for the 
most common scenarios that involve reporting and 
data analysis. 

Level: Overview 

Audience: Line of Business Essentials 

Looking Under the Hood: How Your 
Metadata Strategy Impacts Everything 
You Do 

Christian Buckley 

For many users, the importance of a strong meta¬ 
data and taxonomy strategy is unclear. This presen¬ 
tation will walk through some common end-user 
scenarios (adding documents to a library, participat¬ 
ing in an enterprise workflow, finding technical 
expertise through some of the new social search 
features in SharePoint 2010), and discuss the meta¬ 
data and taxonomy implications. The goal of the 
presentation is to show the importance of metadata 
and a taxonomy strategy, how the lack of a strate¬ 
gy can impact these common scenarios, and the 
ability to leverage the full functionality of SharePoint. 
Level: Overview 

Audience: Architecture Essentials, Line of Business 
Essentials 

Staffing Your SharePoint Deployment 

Bill English 

In this session, you’ll learn firsthand what others 
are doing to staff their deployments. You’ll also 
learn about their deployments in general and why 
the results are as they are. This is a thought-pro¬ 
voking session, so you won’t want to miss it. 

Level: Overview 

Audience: IT Pro Essentials, Line of Business Essentials 

The Power of Content Types 

Laura Rogers 

In SharePoint, the concept of content types seems 
a bit ambiguous to most people. This session will 
teach you what you need to know about content 
types to be able to implement them in your com¬ 
pany. You may have heard that content types can 
be used in order to upload document templates so 
that they display as choices for users on a 
library’s “New” button. Yes, that can be done, but 
wait, there’s so much more! 

In conjunction with site columns, content types 
can be utilized to create custom business solutions. 
Take your lists and libraries to the next level without 
having to do any custom development. In this ses¬ 
sion, demonstrations will be done to take you 
through common scenarios and show how to use 
the power of content types in SharePoint. Many of 
these concepts carry over from SharePoint 2007 to 
2010, but new 2010 capabilities will be highlighted. 
Level: Overview 

Audience: Architecture Essentials, Line of Business 
Essentials 

The Seven Most Important SharePoint 
Success Factors 
Richard Harbridge 

When implementing SharePoint solutions and 


SharePoint as an enterprise platform, there are a 
considerable number of non-technical (people- 
focused) factors that influence whether it is suc¬ 
cessful or a failure. What you can expect to see 
and get from this session: 

• Tips and tricks relating to the non-technical chal¬ 
lenges of SharePoint implementations that you 
can use tomorrow 

• How to select and evaluate the right technology 

• How to measure and evaluate ROI and priorities 

• How to approach SharePoint projects 

• How to effectively support your SharePoint 
environment 

• How to handle and plan for new work and 
growth 

Level: Overview 

Audience: IT Pro Essentials, Line of Business Essentials 

Intermediate 

Architecting a SharePoint Server 
2010 Farm 
Ben Curry 

So, you are ready to install or upgrade to Share- 
Point Server 2010 but don’t know where to start? 
All of the options and endless combinations of 
service application topologies can be overwhelm¬ 
ing. This session provides a thoughtful approach 
to designing your SharePoint Server 2010 server 
farm and gives you confidence that you are head¬ 
ing in the right direction. You’ll learn about the 
service application architecture, common design 
decisions for scaling service applications, Web 
application considerations, and how your logical 
architecture will affect the physical farm topology. 
Level: Intermediate 
Audience: IT Pro Essentials 

Back At It Again... More CSS 

Goodness 

Heather Solomon 

This instructor thrives on figuring out cool stuff to 
do in SharePoint with CSS only. Today’s topic? 
Identifiers. If you can identify it, you can modify it. 
Don't pull up short at IDs and classes. Dive into 
the many ways you can target a SharePoint ele¬ 
ment and modify the look and feel with CSS. 
Descendent selectors, pseudo selectors and 
attribute selectors are indispensable tools with 
SharePoint CSS. Learn how to target specific navi¬ 
gation, Web parts and more. 

Level: Intermediate 
Audience: Developer Essentials 

Building a New Business Structure 
Using Office 365 
Paul J. Swider 

Increasingly, people are looking to build business 
infrastructure using cloud-based platforms. In this 
session, you will learn how you can use Office 365 
to start and run a new company. You will learn about 
the registration process, online Web presence, man¬ 
aging corporate data and your domain. The topics 
will be relevant to companies that need to support a 
complex business process for larger teams. 

Level: Intermediate 

Audience: IT Pro Essentials, Line of Business Essentials 


SPTechCon 

The SharePoint 
Technology Conference 


Feb. 26-29,2012 -> San Francisco 


“The technical classes were great. 
There were excellent instructors 
and good choice of classes. 

Wish I could have been in two 
classes at the same time. 

Looking into cloning myself before 
the next conference!” 

—Karen Wassell, Director, IT Architecture, DTCC 



Building a Records Management 

Practice 

Amanda Perran 

Many organizations recognize the importance of 
an effective Information and Records Management 
strategy; however, they often do not have a for¬ 
malized practice or team of records administra¬ 
tors in place to champion its development. This 
session will discuss taking your organization from 
the ground level and walk you through the key ele¬ 
ments of building a Records Management practice 
in your organization and how these elements can 
be mapped effectively to the features available 
within SharePoint Server. 

Level: Intermediate 

Audience: Line of Business Essentials 

Business Connectivity Services: 
Beyond the Beginning 
Brett Lonsdale 

This is a fast-paced session providing you with a 
lightning tour of BCS and the benefits that it can 
provide your organization. After the overview of 
BCS, we will quickly dive into advanced topics sur¬ 
rounding the connectivity to external data sources 
using both SharePoint Designer 2010 and Visual 
Studio .NET 2010 Professional. Many of the 
“gotchas” will be explained, as well as tips around 
performance and security improvements that you 
can make to your BCS solution. 

Level: Intermediate 
Audience: Developer Essentials 

Creating Bl Solutions with Excel Services 
and PerformancePoint Services 
Ted Pattison 

This session provides a deep dive into implement¬ 
ing business solutions in SharePoint Server 2010, 
using Excel Services and PerformancePoint Ser¬ 
vices. The session begins by discussing the vari- 



Register early—this conference will sell out! 
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Technical Classes 


ous places that business data can live, such as 
SQL Server tables, SharePoint lists or inside SQL 
Server Analysis Services in the form of cubes and 
Key Performance Indicators (KPIs). The session 
will also introduce the core concepts of OData and 
explain how this new protocol can be leveraged 
when building custom Bl solutions. 

The session will examine how to leverage 
Excel Services to create Web-based applications 
that perform calculations and present charts and 
pivot tables to business users. There will also be a 
discussion of how to publish charts and pivot 
tables in a more granular fashion, and how to 
access them through the new REST-based Web 
services. 

The session concludes by discussing Perfor- 
mancePoint Services and using the Dashboard 
Designer to create pages in a SharePoint site in 
which you will learn how to build interactive dash¬ 
board pages that allow your users to view and inter¬ 
act with KPIs, scorecards and query filters to effec¬ 
tively drill-down on the information stored in SQL 
Server Analysis Services. 

Level: Intermediate 

Audience: IT Pro Essentials, Line of Business Essentials 

Creating Custom-Branded Sites for 

SharePoint 2010 

Randy Drisgill and John Ross 

In this session, we will take a deeper look at how 
branding is created for SharePoint 2010. Some of 
the topics will include how themes and colors can 
be applied to custom branding assets, an in-depth 
look at the out-of-the-box master pages and a 
starter master page, upgrading 2007 master 
pages to work with SharePoint 2010, and how 
page layouts are created for SharePoint 2010. 
Throughout the session, we will look at how Share- 
Point Designer 2010, as well as other tools such 
as Firebug, can be used to make the job easier. 
Level: Intermediate 

Audience: Developer Essentials, Line of Business Essentials 


Creating Simple Dashboards Using 
Out-of-the-Box Web Parts 
Jennifer Mason 

In this session we will look at some basic out-of- 
the-box ways to create powerful dashboards for 
managing teams and projects. Our dashboards will 
be created using multiple connected Web parts all 
configured from the browser. This session will give 
you a good overview of lists, views, Web part 
pages and Web part connections. This is a great 
session for those just getting started with Share- 
Point and want to push the limits of out-of-the-box 
configuration. 

Level: Intermediate 

Audience: Line of Business Essentials 

Demystifying Information Architecture, 
ECM & Governance: A Real-World 
Approach for Implementation Success 
Ben Curry 

If you want to learn a practical approach to design¬ 
ing information architecture and governance, this 
is the session for you! Come see how to create 
URL taxonomies, noun taxonomies, and associat¬ 
ed process discovery methods in a simple and 
straight-forward approach. Last, well take a look 
at using Managed Metadata Services and other 
enterprise content management product features 
to meet the requirements defined in the first half 
of the session. Well discuss how and when to 
leverage multiple managed metadata service appli¬ 
cations to meet your ECM, process automation, 
and collaboration needs. 

The attendee will learn how to discover busi¬ 
ness requirements that directly map to the overall 
SharePoint Server 2010 information architecture. 
Last, they’ll learn what really matters in an informa¬ 
tion architecture plan. Most information architec¬ 
ture plans fail because they don’t address the 
usability and consistency required in a business 
platform, nor do they take into account the full 
scope of collaboration, ECM, and business 


process automation. 

Level: Intermediate 
Audience: Architecture Essentials 

Five Steps to Migrate from File 
Systems to SharePoint 
Dave Coleman 

The Holy Grail seems to be moving your files from 
network shares to SharePoint document libraries, 
and finally closing those legacy shares out. This 
presentation will be a case study focused at look¬ 
ing at how to migrate from file systems to Share- 
Point. The session will also include migration 
strategies and best practices. The five steps—file 
system inventory, data cleanup, mapping of meta¬ 
data, migration, and validation of data—will be 
shown in detail and include examples. 

Level: Intermediate 
Audience: IT Pro Essentials 

Four Practical Uses for the Client 
Object Model 
Peter Serzo 

Before SharePoint 2010 introduced the Client 
Object Model, specific custom-code business solu¬ 
tions only had two possibilities: Utilize the Server 
Object Model and have the code rolled out on the 
server, or create a solution using Web services. 

The issue with rolling code on the server was one 
of governance and security. The issue with Web 
services is that the developer is limited to what 
methods are exposed, and furthermore, writing 
code that was responsive without postbacks 
required SOAP knowledge and AJAX. jQuery filled 
this hole, but required another library and knowl¬ 
edge base. 

Leveraging the Client Object Model, a developer 
and business can create Silverlight, .NET and 
ECMAScript applications that do not sit on the serv¬ 
er. Additionally, developers do not have to learn a 
new technology. A real-world application of this tech¬ 
nology will be shown in the context of four business 
use cases. Participants will have a clear understand¬ 
ing of where and when to apply this technology 
after this session. 

Level: Intermediate 
Audience: Developer Essentials 

Get Ready for HTML5 and SharePoint 

Heather Solomon 

HTML5 is the new Web hotness. If it seems daunt¬ 
ing, or you think you have to scrap what you have 
now and start over, then check out this session. 
Learn how to put HTML5 to work today and see 
different ways it can enhance your SharePoint 
sites. And no worries, you won’t be excluding any¬ 
one from accessing your site! Topics include 
HTML5 features, how to upgrade and using it as a 
tool to improve your existing site. All demos and 
code are in SharePoint. 

Level: Intermediate 
Audience: Developer Essentials 


“Great, focused conference with something for devs, admins and power users. 
Best place to get new approaches to common SharePoint problems.” 

—Andrew Bell, Engineer, Newport News Shipbuilding 
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Go Beyond the Numbers: 

Data Visualization in SharePoint 2010 

Chris McNulty and Sadie Van Buren 

SharePoint 2010 creates brand new ways for 
users to chart and explore their data. Join us for a 
whirlwind tour of Excel Services, Power Pivot, 

BCS, Mapping, PerformancePoint and SQL Report¬ 
ing Services. Well go through the business case 
for each followed by a live demo of how the solu¬ 
tion is built. There’s something for everyone— 
whether or not you’ve ever written code! New for 
2012, we’ll be spotlighting self-service Bl, as sup¬ 
plied by SQL 2008 R2, integrated with SharePoint. 
Level: Intermediate 

Audience: Developer Essentials, IT Pro Essentials, Line of 
Business Essentials 

Increasing SharePoint Engagement 

Robert Bogue 

You have it mastered from a technical perspective. 
The farms are in place. The developers are writing 
solutions packages. Now, how do you get your 
organization to use what you’ve put in place? In 
this session, you’ll learn about what it takes to get 
users to use SharePoint and the barriers you’ll 
have to push through to make it all work. Filled 
with real-world psychology tips, you’ll walk away 
with techniques you can use. SharePoint may be a 
powerful platform - but only when users use it. 
Learn how to make that happen. 

Level: Intermediate 

Audience: IT Pro Essentials, Line of Business Essentials 

Introduction to Visio Services 

Jennifer Mason 

Visio Services is a powerful new addition to Share- 
Point 2010. In this session, we will look at different 
ways that you can incorporate Visio into your 
SharePoint projects. Once we have the diagrams 
published to our SharePoint site, we will look at dif¬ 
ferent ways to connect the diagram to SharePoint 
lists and Web parts. This session will allow you to 
see Visio in action using real-world examples. 

Level: Intermediate 

Audience: Line of Business Essentials 

Is Your SharePoint Really Healthy? 
What’s the Right Prescription? 

Richard Harbridge 

In many organizations, SharePoint is a critical 
enterprise platform. As an organization matures, 
the platform must mature and grow along with it 
to ensure it can continue to meet and exceed the 
needs of the business. If the SharePoint imple¬ 
mentation is unhealthy or has problems, these will 
compound over time and may lead to solution, 
project and potentially even platform failure. This 
session, relevant to SharePoint 2007 and Share- 
Point 2010, offers steps to ensure that never 
happens. 

A “SharePoint Health Check” will identify how 
healthy your SharePoint implementation is in the 
areas of infrastructure, performance, security, inte¬ 
gration, search, taxonomy, governance, user adop¬ 
tion, usability and development. A “SharePoint Pre¬ 
scription” will offer many SharePoint best practices 
that can help make your SharePoint environment 
healthier based on the aforementioned areas. 

Level: Intermediate 

Audience: Architecture Essentials, IT Pro Essentials 


Leveraging Web Content Management 
in SharePoint 2010 
Christina Wheeler 

SharePoint is a very powerful tool that has so 
many powerful features other than just document 
management. More and more companies are uti¬ 
lizing the Web Content Management features of 
SharePoint to build external facing websites. This 
session is designed to demonstrate how to lever¬ 
age SharePoint’s Web Content Management 
(WCM) features to help empower non-IT staff to 
manage content along for your external-facing 
website. This session will also cover the best 
practices for architecting and creating SharePoint 
sites using WCM. 

Level: Intermediate 

Audience: Architecture Essentials, Developer Essentials 

Real World Social Networking 
Adoption Strategies Leveraging 
SharePoint 2010 
Shadeed Eleazer 

Implementing a successful corporate social net¬ 
working governance plan has become a necessi¬ 
ty for organizations seeking to leverage the 
enterprise features of SharePoint 2010. In this 
session, attendees will gain an understanding of 
how collaboration impacts social networking, and 
the methods for ensuring successful social net¬ 
working adoption, both internally and leveraging 
popular platforms for business usage. This ses¬ 
sion will: 

• Review key enterprise features and deliver 
strategies for increasing user adoption based on 
case studies and real-world examples 

• Explain the importance of creating social net¬ 
working policies and guidelines, leveraging 
examples from various business sectors 

• Discuss key strategies for implementing social 
networking into training, documentation, and 
Knowledge Management 

• Facebook now or later: Attendees will be 
equipped with tools to prioritize key SharePoint 
social networking features to ensure adoption 

• Explain the roles that site owners, power users, 
and management play in the enterprise rollout of 
a corporate social networking strategy 

Level: Intermediate 

Audience: Line of Business Essentials 

SharePoint 2010 Branding 

for the Masses 

Randy Drisgill and John Ross 

When it comes to the look and feel of your Share- 
Point site, sometimes all you need is a little bit of 
custom style to move it to the next level. This ses¬ 
sion will introduce the topic of branding as it 
relates to SharePoint 2010 in a way that anyone 
can approach. We will look at some of the tech¬ 
nologies involved in creating branding for Share- 
Point 2010, which will include creating a custom 
SharePoint 2010 theme using Microsoft Office, as 
well as making changes to master pages using 
SharePoint Designer 2010. 

Throughout the session, we will discuss new 
features that affect branding in SharePoint 2010 
such as the Ribbon, Wiki Pages and Visual 
Upgrade. By the end of the session, attendees will 
have a basic understanding of how to make their 
SharePoint 2010 website look more like their 
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existing corporate Web design. 

Level: Intermediate 

Audience: Developer Essentials, Line of Business Essentials 


SharePoint 2010 Integration and 

Interoperability 

Richard Harbridge 

There are countless challenges when dealing with 
business data. There are issues regarding servicing 
user requests, high data integration costs, and mul¬ 
tiple places to administer, manage and maintain, 
plus more. Microsoft SharePoint is a platform than 
can help significantly reduce the challenges men¬ 
tioned above by using an interoperable platform of 
connected services. In this session, we will explore 
SharePoint’s new interoperability underpinnings as 
well as the BCS to determine how they can be 
leveraged effectively in real-world scenarios. 

What we will be talking about: 

• SharePoint’s important interoperability 

• What is the BCS? 

• External Content Types 

• External Columns 

• External Lists 

• Extensibility and Tooling 
Level: Intermediate 
Audience: Architecture Essentials 

SharePoint and jQuery 

Phill Duffy 

With organizations looking to customize hosted 
SharePoint and Office 365 with Sandbox Solu¬ 
tions, the role of SharePoint Sites — which can 
provide the functionality that end users expect — 
is becoming increasingly important. The require¬ 
ment to create Web Parts that engage with user, 
and provide them with a quick, easy and friendly 
user interface is becoming paramount. 

Luckily, we have a few tools that allow us to 
provide the responsiveness that is demanded of 
us, such as data that can be asynchronously 
loaded behind the scenes rather than waiting for 
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pages to load. In this session, we will be looking at 
where jQuery can help us provide rich user inter¬ 
faces, how to call the SharePoint Web Services to 
retrieve data, and how to interact with elements of 
our HTML in the beautiful simplicity that is jQuery. 
Level: Intermediate 

Audience: Developer Essentials, Line of Business Essentials 

SharePoint Authentication 
and Authorization 
Liam Cleary 

No matter which project, client or product you 
work with, there will always be a need to authenti¬ 
cate and authorize users into the solution. Histori¬ 
cally, SharePoint has not always been the easiest 
platform to use for this, but now with the advent of 
SharePoint 2010, this changes the game. 

In this session, we will look at the array of out- 
of-the-box approaches. Using a real-world business 
requirement, we will use the Windows Identity Foun¬ 
dation to create a trusted identity provider that will 
allow for single sign-on between other SharePoint 
sites. We will also perform the SharePoint configu¬ 
ration to implement this with the standard out-of- 
the-box security of SharePoint to ensure authentica¬ 
tion and authorization is completed easily. 

Using this technology, you will be able to see 
how SharePoint 2010 is more than capable of 
authenticating and authorizing users from any line of 
business or custom authentication store. By the end 
if this session, you will be able to identify the many 
authentication approaches, as well as when to use a 
specific type of authentication or authorization with¬ 
in your solutions. 

Level: Intermediate 

Audience: Architecture Essentials, Developer Essentials, 

IT Pro Essentials 

SharePoint for ASP.NET Developers 

Rob Windsor 

SharePoint allows you to build websites, manage 
lists of data, collaborate on documents, and so 
much more — all done through a simple, easy-to- 
use Web interface. When you need to go beyond 


“I loved the size of the conference. 
It was very informative and there 
was lots of time for interaction in 
the workshops.” 

— Sheri Barrientes, Sr. Business Analyst, 

Integris Health 



the built-in capabilities of the product, SharePoint 
also provides a rich set of APIs to code against. 

This technical class is designed to introduce 
you to the foundational topics required to build 
customizations on the SharePoint platform. Specif¬ 
ically, this class will cover: features, the solutions 
framework, the server object model, the client 
object model, and building simple Web parts. This 
session will be valuable for those working with 
SharePoint 2007 or 2010. An understanding of 
ASP.NET or SharePoint development is required. 
Level: Intermediate 
Audience: Developer Essentials 

SQL Reporting Services 2008: 
Modeling Reporting Success 
Peter Serzo 

SQL Reporting Services 2008 is an underutilized 
tool that can give your organization the competi¬ 
tive edge, given its ability to very quickly trans¬ 
form a humble SharePoint site into a dynamic and 
interactive source for timely, personalized corpo¬ 
rate data. A well-placed chart on a SharePoint site 
can have a tremendously positive effect on user 
evangelism, and ultimate buy-in and adoption of 
SharePoint as a platform. 

This session will introduce SQL Reporting Ser¬ 
vices 2008 and its architecture within SharePoint. 
The session will present drill-down and parameter¬ 
ized queries showing off the integration with Share- 
Point. Included will be a case study on how a model¬ 
ing agency creates sexy, powerful and dynamic 
reports with no code. 

Level: Intermediate 

Audience: IT Pro Essentials, Line of Business Essentials 

Stop Those Prying Eyes Getting to 
Your Data 
Liam Cleary 

Whether you are an architect, developer or IT profes¬ 
sional, you will have worked on projects where secu¬ 
rity is the number one priority. In this session, we will 
look at the methods that can be used to secure not 
only access to the site via authentication, but also 
look at securing content from people who should not 
be seeing it. We will use a mix of out-of-the-box capa¬ 
bilities, as well as custom code and the Microsoft 
Forefront product range. After this session, you will 
be able to successfully secure the content you need 
and have complete control over user access. 

Level: Intermediate 

Audience: Architecture Essentials, Developer Essentials, IT 
Pro Essentials 

Taming Information Chaos: 

Metadata, Taxonomy and Information 
Architecture Fundamentals for 
Enterprise Content Management 
Eric Shupps 

Implementation of a proper information architecture 
based on well-defined taxonomies and structured 
metadata can make information easier to find and 
dramatically increase productivity; however, getting 
it right the first time is a challenging task. 

In this session, you will learn the fundamentals 
of structured information management in SharePoint 


2010 and receive guidance from real-world scenar¬ 
ios that can be applied immediately within your 
organization. Topics include information architec¬ 
ture, taxonomy design, managed metadata, cre¬ 
ation and publication of enterprise content types, 
use of document sets, and much more. 

Level: Intermediate 

Audience: Architecture Essentials, IT Pro Essentials, 

Line of Business Essentials 

Together Forever: Project Server 
2010 and SharePoint 2010 
Chris McNulty 

Although SharePoint 2010 provides many tools 
useful for project management, enterprise users 
often require more sophisticated tools for 
resource management, business intelligence and 
forecasting, project planning, portfolio manage¬ 
ment and issue resolution. Project Server can be 
simple to install, but requires care to implement, 
integrate and sustain successfully. 

Well review our project management maturity 
model to help you plan when Project Server is right 
for your enterprise, and how to use SharePoint or 
Project Server to meet your real needs. Well also 
review successful patterns for implementing Share- 
Point business intelligence solutions for Project 
Server data. Finally, well review best practices in 
deployment and administration, project manage¬ 
ment, SharePoint integration and user security. 

Level: Intermediate 

Audience: IT Pro Essentials, Line of Business Essentials 

Understanding Sandboxed Solutions 

Chris Beckett 

Sandbox solutions provide the ability to build and 
deploy more secure and manageable solutions for 
SharePoint 2010. Office 365, and the increase in 
cloud-based SharePoint deployments, makes 
understanding Sandbox solutions essential knowl¬ 
edge for SharePoint IT pros and developers. 

This session will take a deep dive into the User 
Code Service Architecture; explore the strengths 
and limitations of developing Sandbox solutions; 
describe how to deploy, monitor and manage Sand¬ 
box solutions; and demonstrate some practical 
techniques for making the most of this technology 
for SharePoint customization. 

Level: Intermediate 

Audience: Developer Essentials, IT Pro Essentials 

Upgrading from the Business Data 
Catalog to Business Connectivity 
Services and What to Look Forward to 
Brett Lonsdale 

The Business Data Catalog in SharePoint 2007 
provided us with a great solution for presenting 
line-of-business data in SharePoint and bringing 
external data sources together into SharePoint. 

In this session, we will discuss the improvements 
that Business Connectivity Services has to offer 
under SharePoint 2010, including External Lists, 
offline availability of data, Read Write, Office inte¬ 
gration and connection tools. Well also provide an 
understanding of how you can upgrade your BDC 
solutions to work with BCS. This session will pro¬ 
vide a great overview of BCS, arming you with 


Check the website for the class schedule and MORE NEW classes! 







everything that you need to know about upgrading 
from BDC to BCS. 

Level: Intermediate 
Audience: Developer Essentials 

We’ve Got SharePoint — Now What?!?! 

Eric Riz 

The senior executives and stakeholders have cho¬ 
sen SharePoint 2010 for the new corporate portal 
to house document management, build some addi¬ 
tional process to the business, and to bring the 
company to the next level. So, now what? 

This session is designed for users who are early 
or midway through their implementation. We will dis¬ 
cuss all facets of a SharePoint implementation, from 
project team roles to rollout strategies and planning 
tactics for the final release to the business. This ses¬ 
sion will be accompanied with some useful planning 
and execution documents for attendees to take back 
to their organizations and use immediately! 

Level: Intermediate, 

Audience: Line of Business Essentials 

Why Should You Use FAST Search 
with SharePoint? 

Brian Culver 

Why would you pay for FAST Search? What will it 
take to implement FAST Search in your organiza¬ 
tion? Once it is installed, what can you do with it? 
This session will review common business drivers 
for implementing FAST Search over the SharePoint 
Search Server and what it takes to implement it. 
We will all look at the FAST features and how they 
improve the search experience. 

Level: Intermediate 

Audience: IT Pro Essentials, Line of Business Essentials 

Working with Lists and Libraries 

Jennifer Mason 

Do you know all of the different things you can do 
using SharePoint lists and libraries? In this session, 
we will take a look at the different out-of-the-box list 
features and how they can be combined to build 
powerful no-code business solutions. We will look 
at the new features available in SharePoint 2010 
and how they can be used to increase productivity. 
Some of the new features include working with 
lookup columns, new list settings, new view set¬ 
tings, inline editing and custom form creation. 

Level: Intermediate 

Audience: Line of Business Essentials 


Advanced 

Advanced SharePoint Web Part 

Development 

Rob Windsor 

Web Parts are the foundation of user interfaces in 
SharePoint. As a developer, it’s relatively easy 
(particularly with the Visual Web Part in SharePoint 
2010) to build something simple and get it 
deployed. But what do you do when you need to 
add editable properties or when you need to con¬ 
nect two Web Parts together? 

This fast-paced, demo-heavy session covers the 
more advanced aspects of building Web Parts for 
SharePoint 2007 and 2010. We’ll take a look at cre¬ 
ating custom editor parts, building Visual Web 
Parts, constructing connected Web Parts, making 
Web Parts asynchronous, and using custom 


JavaScript code with Web Parts. 

Level: Advanced 
Audience: Developer Essentials 

Building Dynamic Applications with 
the SharePoint Client Object Model 
Eric Shupps 

The Client Object Model provides developers with 
a rich set of tools for building remote applications 
using the SharePoint 2010 framework. Learn how 
and when to use the Client Object Model in your 
applications, discover how it compares to server- 
side development, evaluate the potential benefits, 
and gain a clear understanding of its functionality 
across multiple platforms. 

Level: Advanced 
Audience: Developer Essentials 

Building Native Windows Phone 7 
Applications for SharePoint 
Steve Pietrek 

According to the IDC, Windows Phone 7 will sur¬ 
pass iOS as the number two mobile platform by 
2015. The release of the “Mango” operating sys¬ 
tem is expected to bring more users to Windows 
phones. These users will be requesting the same 
native applications—including applications that 
access SharePoint data—they used on other 
mobile platforms. 

Attendees of this session will learn how to build 
rich, powerful line-of-business Windows Phone native 
applications that leverage SharePoint data. The ses¬ 
sion will then walk through the development basics 
(tools, emulators, XAML, styles, layouts, application 
settings application bars, page navigation), retriev¬ 
ing data from SharePoint lists and document 
libraries using the Client Object Model, managing 
code using the MWM development pattern, and 
deployment. 

Level: Advanced 
Audience: Developer Essentials 

Building Silverlight Applications for 

SharePoint 

Steve Pietrek 

SharePoint is an excellent platform for hosting 
line-of-business applications. Site administrators 
can build applications in the browser or Share- 
Point Designer. When little or no-code applications 
do not meet the business requirements, Share- 
Point developers can create advanced applica¬ 
tions that are deployed to the SharePoint Server. 
However, many companies have a governance 
policy in place where only top-of the-pyramid, 
enterprise-level applications can be deployed to 
the SharePoint Server, but what about those appli¬ 
cations for the lower part of the governance pyra¬ 
mid (i.e. team sites)? The new SharePoint 2010 
Sandbox helps, but the cost of entry for develop¬ 
ers is high. 

Attendees will learn how Silverlight can be 
used to integrate rich, powerful applications into 
SharePoint. We will discuss the benefits of Sil¬ 
verlight, including lower cost of entry for develop¬ 
ers, increased productivity compared to traditional 
SharePoint development, and the ability to deploy 
Silverlight applications through the browser without 
deploying to the SharePoint Servers. 

The session will then walk through Silverlight 
basics (XAML, styles, layouts, and application set- 
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tings), retrieving data from SharePoint lists and 
document libraries using the Client Object Model, 
managing code using the MWM development pat¬ 
tern, and deploying the Silverlight controls to 
SharePoint. 

Level: Advanced 
Audience: Developer Essentials 

Building the Perfect SharePoint 2010 
Farm: Real-World Best Practices from 
the Field 
Michael Noel 

SharePoint 2010 has matured over the past year, 
with improvements in scalability, enterprise search 
and administration. This session goes right to the 
heart of the matter, providing physical and virtual 
architecture guidelines and specific configuration 
settings that can immediately be used to construct 
SharePoint 2010 environments that can be used 
to replace existing SharePoint 2007 farms. Archi¬ 
tectural specifics are based on best practices 
obtained from existing SharePoint 2010 environ¬ 
ments of multiple sizes, and performance metrics 
gathered from both physical and virtual SQL Serv¬ 
er and SharePoint environments will help you build 
the “perfect” SharePoint 2010 farm for your 
organization. 

• View real-world SharePoint 2010 deployment 
models for environments of multiple sizes, 
including virtualized SharePoint farms 

• Gain access to specific design criteria for sizing 
a SharePoint farm and providing for high avail¬ 
ability for all components 

• Get information to be able to build the “perfect” 
highly available, high-performance and scalable 
SharePoint 2010 environment that will stand the 
test of time 

Level: Advanced 
Audience: IT Pro Essentials 
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CAML, REST and LINQ: Data Access 
Options in SharePoint 2010 
Rob Windsor 

Lists are the data stored in SharePoint, so it should 
be no surprise that there are several data access 
options available to developers. Traditional tech¬ 
niques include the use of the object model to iter¬ 
ate list items or using CAML to query them. Share- 
Point 2010 adds features that make data access 
easier and more powerful—chief among these are 
the addition of joins to the CAML query syntax, 

LINQ to SharePoint and the REST APIs (OData). 

LINQ to SharePoint allows developers to use the 
power of LINQ on entities generated from list 
schema, while the OData interface exposes list data 
to the enterprise via a REST-based service. In this 
session, we’ll explore each of these options, see 
how they work, and discuss where they may fit into 
your SharePoint applications. 

Level: Advanced 
Audience: Developer Essentials 

Creating HTML5 Websites with 
SharePoint 2010 
Ted Pattison 

Designing SharePoint sites using HTML5 and CSS3 
provides a new ability to create cross-browser Web 
applications and to target modern devices such as 
mobile phones and your CEO’s iPad. However, mov¬ 
ing to HTML5 today also involves several well-known 
pain points, such as dealing with varying levels of 
HTML5 and CSS3 support across mainstream 
browsers and integrating JavaScript code to deal 
with older browsers that do not support HTML5. 

This session takes a real-word approach of 
extending the SharePoint 2010 environment with a 
custom master page, CSS files and JavaScript to 
reach a wide variety of HTML5-capable browsers 
and devices without abandoning users who are still 
using Internet Explorer 7 and Internet Explorer 8. 
The session will also examine many of the new 
HTML5 features, such as HTML tags, form con¬ 
trols, drag-and-drop, media support for audio and 
video playback, graphics support with the Canvas 
and SVG, Web Open Font Format (WOFF), offline 


storage, and geolocation. Along the way, the ses¬ 
sion will also discuss which of these new HTML 
features are widely supported across browsers 
and devices to the point where it makes sense to 
use in today’s Web application designs. 

Level: Advanced 
Audience: Developer Essentials 

Data Access with SharePoint 
Web Services 
Chris Beckett 

SharePoint 2010 has introduced a number of new 
technologies to support client-side programming 
and remote integration. In this session, we will 
examine the capabilities of SharePoint ASMX Web 
Services, the Client Object Model, and ODATA 
using the List Data RESTful WCF Service. 

Level: Advanced 
Audience: Developer Essentials 

Deep Dive into SharePoint 2010 

Security 

Ted Pattison 

SharePoint 2010 introduces a new claims-based 
security model that will impact the way companies 
design, implement and enforce security with their 
SharePoint sites. This session explains the funda¬ 
mental concepts of a claims-based model and 
shows how the new claim-based model makes it 
possible to use new types of security principles, 
such as Active Directory distribution lists and 
SharePoint Server Audiences. These can be used 
as first class security objects to securely config¬ 
ure access to securable objects such as sites, 
lists, items and documents. The session will walk 
through developing a custom claims provider with 
Visual Studio 2010, which will effectively demon¬ 
strate the flexibility of how you define the people 
and groups that you need to configure access. 
Level: Advanced 

Audience: Architecture Essentials, Developer Essentials 


Deep Dive into the 
Content Query Web Part 
Christina Wheeler 

In MOSS 2007, the Content Query Web Part 
(CQWP) was a very powerful control used for 
aggregating content from a particular list, site, or 
site collection. However, this Web Part had some 
serious drawbacks. In SharePoint 2010, the CQWP 
has been given a facelift with improved features 
and cool new ones, including the introduction of 
slots, which simplify working with Item Styles, and 
the Content to Content concept, which provides 
functionality such as related content. Some 
improvements to the CQWP include dynamic filters 
and the CommonViewFields. The CQWP in Share- 
Point 2010 also has improved query performance 
over large document libraries and lists. 

Level: Advanced 

Audience: Developer Essentials, Line of Business Essentials 

Deployment Demofest 

Ben Curry 

This session is full of real-world lessons and 
learned tips and tricks from the field. The instruc¬ 
tor will give you a LIVE guided tour of a multi-serv¬ 
er farm deployment, service application configura¬ 
tion, and ECM tips and tricks. Learn the basics for 
creating and managing Web and service applica¬ 
tions, scaling services, and selecting basic server 
farm topologies for most implementations. 

There are lots of MSDN and TechNet articles 
for how to configure a server farm, but nothing 
beats someone who has “been there, done that” 
lead an audience through some of the more chal¬ 
lenging and ambiguous portions of configuration. 
After the session, attendees will have increased 
confidence they can build Web applications, serv¬ 
ice applications, and configure a multiple server 
SharePoint Server 2010 farm. 

Level: Advanced 
Audience: IT Pro Essentials 

Developing with SharePoint Server 
2010 Metadata 
Andrew Connell 

The Managed Metadata Service application in 
SharePoint 2010 allows users to create and utilize 
taxonomies in various ways. Microsoft has includ¬ 
ed a robust taxonomy API in SharePoint 2010 that 
can be leveraged in custom solutions. In this ses¬ 
sion, we’ll explore how you can interact with tax¬ 
onomies within the Managed Metadata Service 
application, as well as work with metadata 
columns in custom solutions from a development 
perspective. 

Level: Advanced 

Audience: Architecture Essentials, Developer Essentials 

Developing a SharePoint Deployment 
Reference Architecture and Methods 
of Measuring Your Deployment 
Against This Architecture 
Bill English 

In this presentation, the instructor will offer a 
SharePoint Deployment Reference Architecture for 
your consideration, and then will discuss ways to 
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measure your current implementation against the 
reference architecture. Further discussions will 
focus on what actions to take depending on a set 
of given scenarios. This session is intended for 
Application Architects, Project Managers, Business 
Analysts and Consultants working with SharePoint 
Server 2010. 

Level: Advanced 

Audience: Architecture Essentials, Line of Business 
Essentials 

ECM from a Developers Perspective 

Paul J. Swider 

The SharePoint ECM programming model can be 
used to extend the functionality of the new ECM 
features and create custom document manage¬ 
ment solutions. In addition, SharePoint 2010 intro¬ 
duces the Managed Metadata store as the enter¬ 
prise tool for managing taxonomy. In this session, 
you will learn how to add rich ECM functionality to 
your SharePoint sites, using members of the tax¬ 
onomy and document management object model. 
When you complete the session, you will under¬ 
stand the pros and cons of each namespace. 

Level: Advanced 
Audience: Developer Essentials 

InfoPath and SharePoint Designer 
2010 Workflow Best Practices 
Laura Rogers 

In your organization, forms are everywhere. 
InfoPath is a program that lets you quickly and 
easily create forms for business users to fill out 
and submit. The easy part is creating the form, 
but the more complicated part is finding out 
what needs to happen when it gets submitted 
and how to automate that process. This is where 
workflows come in. InfoPath forms and Share- 
Point Designer workflows can be used in con¬ 
junction, in order to create a complete business 
process. 

This session will discuss and compare the dif¬ 
ferent ways that forms can be submitted and 
streamlined, so that the life cycle of the form is 
efficient and logical. This includes best practices 
around the form’s data connections, buttons, 
rules, views, and the workflow that sends the 
form through an approval process. All of this is 
done without code; just making the most of the 
InfoPath and SharePoint Designer out-of-box func¬ 
tionalities. 

Level: Advanced 

Audience: Architecture Essentials, Line of Business 
Essentials 

Making Peace with the User Profile 
Service 

Todd Klindt and Shane Young 

We’ve all heard horror stories about the dreaded 
and scary User Profile Service in SharePoint 2010. 
In this session, we will explain how the User Profile 
Service’s brain thinks, and why it does some of the 
things it does. We will cover how things have 
changed for the better since SP1 was released. If 
the demo gods look upon us favorably, we will also 
walk through a configuration of the User Profile Ser¬ 
vice to show that it can be done by mortal man. 
Level: Advanced 
Audience: IT Pro Essentials 


Out of the Sandbox and into the 
Cloud: Build Your App on Azure 
Andrew Connell 

Have you evaluated Sandbox solutions and know 
you are going to need more flexibility, control and 
power? We will show you a new, innovative 
approach to building your next SharePoint applica¬ 
tion that lets you take advantage of all the power 
of Azure and ASP.NET, while leveraging all that 
SharePoint has to offer. Your users will have no 
idea your application is in the cloud! 

Level: Advanced 
Audience: Developer Essentials 

SharePoint 2010 Performance and 
Capacity Planning Best Practices 
Eric Shupps 

Deploying a SharePoint environment that can scale 
from several hundred to tens of thousands of 
users can be a daunting task that requires careful 
planning and testing. In this session, we will 
explore SharePoint capacity planning and discuss 
best practices for the configuration of databases, 
service applications, Web applications, site collec¬ 
tions, and lists. We will also review ways to avoid 
common mistakes, and highlight tools and tech¬ 
niques administrators can use to monitor Share- 
Point performance and identify common causes of 
performance issues. 

Level: Advanced 
Audience: IT Pro Essentials 

SharePoint Guidance: Developing 
Applications — Foundations and 
Execution 
Robert Bogue 

In this action-packed session, you’ll get a guided 
tour around the foundation and execution portions 
of the Microsoft Patterns & Practices SharePoint 
Guidance. As a member of the team that built the 
guidance, Robert will talk through the guidance 
both from the perspective of the documentation 
generated, as well as the reference implementa¬ 
tions and core library. Expect to leave wanting to 
spend more time mining the value of the Share- 
Point Guidance. 

Level: Advanced 
Audience: Developer Essentials 

SharePoint Storage: 

RBS for the Masses 

Todd Klindt and Shane Young 

To some, the Remote Blob Store is the Holy Grail 
of SharePoint storage. It gives us all the great 
SharePoint functionality, but without that heavy 
SQL footprint. To others, RBS is the worst thing 
ever as it complicates SharePoint and SQL and 
negatively impacts performance. In this session, 
we will explain how RBS works, and discuss when 
you should and shouldn’t use it. We will also con¬ 
figure RBS and walk through some of the common 
tasks you’ll have to perform if you choose to use 
RBS in your SharePoint 2010 farm. 

Level: Advanced 
Audience: IT Pro Essentials 


SPTechCon 

The SharePoint 
Technology Conference 


Feb. 26-29,2012 -> San Francisco 


“SPTechCon is a collaborative and 
fact-filled conference that is led by 
the best and brightest of the 
SharePoint community. It is a 
go-to event because the informa¬ 
tion and solutions you can learn 
from here are numerous.” 

—Keri Russo, Business Promo Analyst, 
Neighborhood Health Plan 



Tagging Up: Managed Metadata and 
Taxonomies in SharePoint 2010 
Chris McNulty 

Information architecture is never as easy as it 
seems. For example, do you have a hard time 
deciding if you should group your documents by 
department or by project? This session begins 
with a hands-on review of SharePoint’s managed 
metadata services for taxonomies, folksonomies, 
tags, metadata and content types in SharePoint 
2010. Attendees will learn about architecture and 
usage for content management, taxonomy, social 
networking and navigation. New for 2012, we’ll 
be diving deeply into governance, scripting and 
development. 

Level: Advanced 

Audience: Architecture Essentials 

The Core Pillars of an Effective 
Document Management Solution 
Amanda Perran 

Since SharePoint was introduced a decade ago, 
many organizations have embraced the tool as a 
mechanism to adopt better document manage¬ 
ment practices. While the platform provides fea¬ 
tures and functionality to support effective docu¬ 
ment management and collaboration, without 
proper planning and governance, many organiza¬ 
tions fail at recognizing the true potential of what 
SharePoint can offer. During this session, we will 
review the core pillars of an effective document 
management solution and discuss how Share- 
Point 2010 can be configured to support these. 
This session will address important concepts 
such as: 

• Creating an effective and reusable classification 
plan using the new and improved tools in Share- 
Point 2010 that optimize stakeholders’ abilities 
to find the right document at the right time. 
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• Designing taxonomies and hierarchies to support 
business goals for collaboration, while also 
ensuring maximum performance and security. 

• Implementing document content types in a way 
that allows for more effective and governed doc¬ 
ument management, without adversely impacting 
how users like to work. 

• Managing the document life cycle from creation 
to expiration. 

Level: Advanced 

Audience: Line of Business Essentials 

Understanding How the Microsoft 
Ecosystem Offers Findability - Part I 
Bill English 

This first session will examine what findability is 
and go over the latest research on findability. The 
instructor will outline the core problems with find¬ 
ability, including a lack of understanding of what 
findability is, how findability is confused with 
search technology platforms, and how most cor¬ 
porations want to find their information quickly and 
easily, but can’t seem to achieve this goal in spite 
of their best efforts and intentions. 

The instructor will also outline the costs of a 
poor findability solution. If you’ve been working on 
ways to use SharePoint to make your information 
more findable, this session will help you under¬ 
stand the hidden problems in implementing a 
robust findability solution. The class will have 
demos on executing queries on Internet-based 
search engines and what you can do to make 
them better, and will illustrate how frustrating it is 


“Prepare for three days of fun and 
lots of learning!” 

—Danny Jessee, Sr. Software Engineer, Parsons 





to find a document in a typical environment. 

Level: Advanced 

Audience: Architecture Essentials, IT Pro Essentials, Line 
of Business Essentials 

Understanding How the Microsoft 
Ecosystem Offers Findability - Part II 
Bill English 

In this second session, the instructor will discuss 
the negative impact that information overload 
exerts on achieving a robust findability solution. In 
the class, we will also discuss the role of e-dis- 
covery in the design of your Findability Architec¬ 
ture and outline how the concepts of precision, 
recall and relevance will impact your Findability 
Architecture Design. In addition, we will outline the 
costs of making the wrong information available 
to the wrong individuals and discuss how your 
Findability solution must integrate with your secu¬ 
rity solutions. 

Finally, the instructor will offer his latest thinking 
on how to develop a Findability Architecture that will 
lead to a better ROI on your existing Microsoft 
investments, as well as enabling your users to be 
more efficient and productive. You will receive free 
job aids to take with you to the office so that you 
can begin the process of implementing what you’ve 
learned. We will demo how metadata can be dis¬ 
criminatory between documents that have very dif¬ 
ferent foci, but use similar language in its content. 
Level: Advanced 

Audience: Architecture Essentials, IT Pro Essentials, 

Line of Business Essentials 

Understanding SharePoint 2010 Roles 
and Responsibilities 
Shadeed Eleazer 

Defining SharePoint roles and responsibilities has 
long been a gray area and subsequent pain point 
for decision makers and recruiters. SharePoint 
2010 only complicates the matter with its new fea¬ 
tures, methodologies, and user interface, com¬ 
pared to earlier versions of the software. In this 
session, attendees will receive an in-depth educa¬ 
tion on the specific ways that SharePoint 2010 
transforms roles and responsibilities and equip 
professionals with the tools to navigate through 
their particular market. The session will examine 
how SharePoint 2010 impacts the SharePoint 
administrator, developer, and project manager 
roles and how these changes are projected to 
manifest within SharePoint deliverables today and 
tomorrow. 

Level: Advanced 

Audience: Developer Essentials, IT Pro Essentials, Line of 
Business Essentials 

Understanding the Five Layers of 
SharePoint Security 
Michael Noel 

One of the biggest advantages of using SharePoint 
as a document management and collaboration 
environment is that a robust security and permis¬ 
sions structure is built into the application. Authen¬ 
ticating and authorizing users is a fairly straightfor¬ 
ward task, and administration of security 


permissions is simplified. Too often, however, 
security for SharePoint stops there, and organiza¬ 
tions don’t pay enough attention to all of the other 
considerations that are part of a SharePoint secu¬ 
rity stack, and more often than not, don’t properly 
build them into a deployment. This includes 
diverse categories such as Edge, Transport, Infra¬ 
structure, Data, and Rights Management Security. 

This session discusses the entire stack of 
security within SharePoint, from best practices 
around managing permissions and ACLs to comply 
with Role Based Access Control, to techniques to 
secure inbound access to externally facing Share- 
Point sites. The session includes all major security 
topics in SharePoint and a discussion of various 
real-world designs that are built to be secure. 

• Understand how to use native technologies to 
secure all layers of a SharePoint environment, 
including Data, Transport, Infrastructure, Edge, 
and Rights Management. 

• Examine tools and technologies that can help 
secure SharePoint, including AD Rights Manage¬ 
ment Services, Forefront Unified Access Gateway, 
SQL Transparent Data Encryption, and more. 

• Understand a Role-Based Access Control (RBAC) 
permissions model and how it can be used to 
gain better control over authorization and 
access control to SharePoint files and data. 

Level: Advanced 
Audience: IT Pro Essentials 

Using External Data Within SharePoint 
or Beyond the BDC/BCS Model 
Phill Duffy 

There’s lots of guidance around getting SharePoint 
to talk to an external system, but what do you do 
next? In this session, we will be exploring the dif¬ 
ferent ways to use your external data within Share- 
Point, from the out-of-the-box Web Parts to devel¬ 
oping custom solutions with the BDC or BCS 
Object Model. 

We will be looking at the roles of the out-of-the- 
box Web Parts, including Business Data and Busi¬ 
ness Data Related Lists, and how to make deci¬ 
sions in a workflow based off your External Data. 
Additionally, we will be building a Web Part to dis¬ 
play the line-of-business data. Along the way, we will 
be looking at pitfalls, best practices and recommen¬ 
dations of working with the BDC and the BCS. 

Level: Advanced 

Audience: Developer Essentials, Line of Business Essentials 

Upgrading to SharePoint 2010 

Todd Klindt and Shane Young 

Are you jealous of all your friends and their fancy 
SharePoint 2010 farms? Have no fear. In this ses¬ 
sion, you will learn how to upgrade SharePoint 2007 
to 2010. We will cover the methods available and 
how best to use them. We will also cover some of 
the mistakes we’ve made the most often, hopefully 
preventing you from making the same mistakes. 
Level: Advanced 
Audience: IT Pro Essentials 


Follow us at twitter.com/SPTechCon 
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Chris Beckett MCM 

Chris is a Microsoft Certified Master 
and has 20 years of experience 
leading the development of enter¬ 
prise business solutions using rapid 
application development tools and 
techniques. He has been a dedicat¬ 
ed SharePoint specialist since 2003, with expertise in 
enterprise infrastructure and deployment planning, busi¬ 
ness automation solutions development, information 
architecture, and knowledge management. He is an 
active blogger and author, and a frequent speaker at 
user groups and professional organizations. Chris lives 
with his wife in Seattle. 



Robert Bogue MVP 

Robert has contributed to more than 
100 book projects and numerous pub¬ 
lishing projects, and has also authored 
his own book, “The SharePoint 
Sheperd’s Guide for End Users.” 
Writing about topics from networking 
and certification, to Microsoft applications and business 
needs, Robert blogs at www.thorprojects.com/blog. 

Christian Buckley 

Christian helps drive partner and 
community development for Axceler, 
and he previously worked at 
Microsoft as a Senior Program 
Manager on the enterprise hosted 
SharePoint platform team (now part 
of BPOS). Prior to Microsoft, he was managing director 
of a regional consulting firm in San Francisco’s East Bay, 
participated in several startups, and worked with IBM, 
HP, Cisco, Matsushita, Solectron, Seagate, and other 
large hi-tech and manufacturing firms to deploy collabo¬ 
ration and supply-chain solutions. Christian is co-author 
of three books on IBM Rational Software configuration 
management and defect tracking solutions, and he can 
be found online at www.buckleyplanet.net. 

Liam Cleary MVP 

After 12 years in the IT industry, 

Liam became a consultant for 
SharePoint. Afterward, he became 
principal consultant for .NET devel¬ 
opment and collaboration within BT 
Lynx in the U.K., and he now works 
as a solution architect for SusQtech in Virginia, primari¬ 
ly working with non-profits and associations. His core 
focus as a solution architect is to ensure that Share- 
Point can either natively, or with minimal customization, 
meet the business requirement. 

Liam is also a four-time SharePoint MVP focused on 
architecture, but also crosses the boundary into develop¬ 
ment. He is passionate about all aspects of the SharePoint 
platform and loves to share the good word. He can often 
be found at user groups or conferences speaking, offer¬ 
ing advice or just spending time in the community. 






Dave Coleman MVP 

With 20 years of working in the IT 
industry, and 13 of them in the educa¬ 
tion sector, Dave has worked with 
many versions of Windows Server, 
Exchange and SQL Server. Over the 
last few years, Dave has been special¬ 


MCM - Microsoft Certified Master 

This certification enables senior-level IT profes¬ 
sionals to demonstrate and validate their tech¬ 
nical expertise on Microsoft Server products 
with exclusive, advanced training and certifica¬ 
tion available only direct from Microsoft. 

MVP - Microsoft 

Most Valuable Professional 

These exceptional community leaders come 
from a wide range of backgrounds... who active¬ 
ly share their high-quality, real-world technical 
expertise with the community and with Microsoft. 


izing in SharePoint. He started with SharePoint Team 
Services back in 2003 through SharePoint Portal Server 
2003. He moved on to SharePoint 2007 and is now 
focused on the latest incarnation of SharePoint 2010. 

Andrew Connell MVP 

Andrew is an author, instructor and 
cofounder of Critical Path Training, a 
SharePoint education-focused com¬ 
pany. Andrew is a five-time Microsoft 
' jk \ MVP and has contributed to numer- 
I IhAmU I ous books over the years. In June 
2008, he published “Professional SharePoint 2007 Web 
Content Management Development,” the only book on 
the subject of developing Web-content management 
sites using SharePoint 2007. 

Andrew has spoken on the subject of SharePoint 
development and WCM at various events and national 
conferences, such as TechEd North America 
& EMEA, SharePoint Connections, VSLive, and 
Microsoft's SharePoint Conference. Andrew blogs at 
www.andrewconnell.com/blog. 

Brian Culver MCM 

Brian is a SharePoint Solutions 
Architect for Expert Point Solutions in 
Houston, Texas. Brian is a Microsoft 
Certified Master (MCM) in SharePoint 
2007 and a Microsoft Certified 
Professional Developer (MCPD). He 
has worked in the Information Technology industry since 
1998 and has been working with SharePoint since 
2005. Brian's deep expertise includes SharePoint, 
ASP.NET, SQL Server and Project Server. He has been 
involved in many large SharePoint implementations, 
including Internet and Intranet sites, partner portals, 
enterprise-content management and governance, and 
custom application integration and development. 

Ben Curry MVP 

Ben is a respected enterprise archi¬ 
tect specializing in knowledge man¬ 
agement and collaboration technolo¬ 
gies. As a senior architect for 
Mindsharp, Ben shares his knowl¬ 
edge in training courses that cover 
the next generation of Microsoft products. Ben is the 
author or co-author of three books for SharePoint prod¬ 
ucts and technologies, including “Microsoft Office 
SharePoint Server 2007 Best Practices.” Ben has more 
than 15 years of experience designing, managing, imple¬ 
menting and securing data center IT solutions. 






SPTechCon 

The SharePoint 
Technology Conference 


Feb. 26-29,2012 -> San Francisco 


“Best SharePoint conference I have 
attended.” 

—Majid Syed, Project Collaboration Manager, Jacobs 




Randy Drisgill MVP 

Randy has more than 10 years’ experi¬ 
ence developing, designing and imple¬ 
menting Internet-based software for 
clients ranging from small businesses 
to Fortune 500 companies. Randy co¬ 
wrote “Professional SharePoint 2007 
Design” and has worked on several SharePoint articles 
and white papers. Randy blogs at blog.drisgill.com. 



Shadeed Eleazer 

A U.S. Navy veteran, Shadeed has 
worked for more than 11 years sup¬ 
porting the unique technology 
demands of Federal and state gov¬ 
ernment sectors, with an extensive 
background in cloud services sup¬ 
port and implementation, configuration management, 
process development, SharePoint backup and recovery, 
and SharePoint integration. He has worked supporting 
the Obama administration's Open Government initiative 
in bringing transparency to government, leveraging 
SharePoint platform integration with a wide range of 
social media applications and internal government plat¬ 
forms and applications. 

Shadeed currently supports multiple SharePoint imple¬ 
mentations within the fast-paced, high-pressure legal com¬ 
munity in downtown Washington, D.C., providing end-user 
support for the U.S. attorney general's staff and related 
sections and components. He is a cofounder of the 
Baltimore SharePoint User Group, and a Microsoft 
Certified Technical Specialist in MOSS 2007 and WSS 3.0 
Configuration. 


Bill English MVP 

Bill is an industry leader, author, and 
educator specializing in SharePoint 
products and technologies. As Chief 
Executive Officer of EBA Companies 
(Mindsharp and The Best Practices 
Conference), Bill draws on his experi¬ 
ence in business management to teach and consult about 
mapping SharePoint features to business processes and 
information organization needs. 

As a former psychologist in Minnesota for nine 
years, English uses his knowledge of human behavior to 
help companies implement change through software 
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platforms. Microsoft has acknowledged Bill’s profession¬ 
al contributions to the SharePoint community by award¬ 
ing him the Most Valuable Professional award for 10 con¬ 
secutive years. 

Since 2000, Bill has authored 14 books on Exchange 
and SharePoint products, including the “Administrator’s 
Companion for SharePoint Server 2010.” Bill lives in 
Minnesota with his wife and two children, where summer 
is the six best days of the year! 



Phill Duffy 

Phill works for Lightning Tools Ltd 
.with Brett Lonsdale and Nick Swan 
(MVP) as a SharePoint Developer. He 
has worked with SharePoint for three 
years and has been involved in the 
Development of Web Parts and Tools 
centered on and around the BDC and BCS. Phill is cur¬ 
rently the lead developer working on BCS Meta Man. He 
has also talked at San Diego and London Best Practices 
Conferences on the BCS. 



Richard Harbridge 

For the past seven years, Richard 
has worked extensively with 
SharePoint as an end user, develop¬ 
er, administrator, architect, business 
analyst and consultant. In this time, 
he has defined, architected, devel¬ 
oped and implemented well over 100 SharePoint solu¬ 
tions, from small implementations of WSS on a single 
server to more than 80,000 user implementations in 
international organizations. 

Richard is passionate about technology and business 
challenges, and enjoys teaching, sharing and helping oth¬ 
ers through involvement with the community. 



Dave Healy 

Dave is an innovative solution design¬ 
er with a vision for technology in the 
enterprise. Twenty years’ experience 
delivering Enterprise Information 
Management solutions has informed 
his approach to design and imple¬ 
mentation as an opportunity to create change, foster 
innovation and drive results. 

An early adopter of SharePoint technologies, Dave 
has been helping customers address complex business 
challenges with SharePoint and related partner technolo¬ 
gies since 2001. Dave’s experience on both the 
SharePoint Server and SQL Server product teams at 
Microsoft brings added depth to his solution designs. 

A passionate and articulate speaker, Dave draws from 
this invaluable experience to bring his seminars and work¬ 
shops to life with practical, real-world insight and guidance. 


Scott Jamison MCM 

Scott is a managing partner at 
Jornata, a premier Microsoft-focused 
consulting and training firm based in 
Boston. Scott has extensive experi¬ 
ence implementing business solutions 
using SharePoint technologies, and is 
one of only a handful of Microsoft Certified Masters for 
SharePoint in the world. He is a recognized thought leader, 
teacher and published author with several books, including 
“Essential SharePoint 2007” and “Essential SharePoint 
2010.” You can find his blog at www.scottjamison.com. 



Todd Klindt MVP 

Todd is a popular speaker and consult¬ 
ant specializing in SharePoint tech¬ 
nologies for IT administrators. He con¬ 
tributed to the book “Real World 
SharePoint 2007: Indispensable 
Experiences from 16 MOSS and WSS 
MVPs.” Read his blog at toddklindt.com/blog. 


Microsoft’s Developer Platform Evangelism group and the 
SharePoint product team researching and authoring 
SharePoint training material for early adopters. Ted start¬ 
ed working with SharePoint 2010 in August of 2008 and 
has since led a series of training classes, which he has 
already taught to hundreds of professional developers 
learning how to get started on building custom business 
solutions using the SharePoint 2010 platform. 




Brett Lonsdale 

r _zm Brett is a specialist in the Business 
Data Catalog for SharePoint 2007 and 
Business Connectivity Services in 
SharePoint 2010. Brett authored the 
“Developers Guide to SharePoint 
2007 Business Data Catalog" and is 
also the co-owner of Lightning Tools, a SharePoint Web 
parts and tools company. Brett spends most of his time 
product managing the products that Lightning Tools pro¬ 
duce with his business partner Nick Swan while also 
providing technical BDC and BCS support to Lightning 
Tools customers. Brett is also the co-host for The 
SharePoint Pod Show. You can find Brett at his blog at 
lightningtools.com/blog. 


Amanda Perran MVP 

Amanda is a 10-year veteran of 
SharePoint, focusing on Information 
Architecture, Solution Design, Enter¬ 
prise Content Management and 
Governance. She is a five-time recipi¬ 
ent of the Microsoft Most Valuable 
Professional (MVP) Award for Microsoft SharePoint Server. 

In addition to her volunteer work within the technical 
community, Amanda co-authored her third major book 
related to SharePoint: “Beginning SharePoint 2010: 
Building Business Solutions with SharePoint 2010,” which 
focuses on using technology to support common busi¬ 
ness processes within organizations. Amanda is a regular 
speaker at industry events around the globe and has main¬ 
tained a SharePoint-focused blog for the past eight years. 



Jennifer Mason 

Jennifer has spent the past several 
years providing consulting services 
around SharePoint technologies and 
is currently working with the team at 
SharePoint911. Her focus has been 
on strategy, planning, governance 
and best practices for implementing business solutions 
using SharePoint technologies. Jennifer is also a founding 
member of the Columbus, Ohio SharePoint Users Group. 


Steve Pietrek 

Steve is the Raleigh/Durham Microsoft 
Practice Manager at Cardinal Solutions 
Group, a Microsoft Managed Partner, 
with offices in Cincinnati, Columbus, 
Charlotte and Raleigh. Steve is active 
in the SharePoint community through 
his blog, public speaking at user groups and conferences, 
MSDN, and Twitter. Steve’s SharePoint and Silverlight blog 
can be found at: www.stevepietrek.com. 




Chris McNulty 

Chris leads the SharePoint practice at 
KMA, a Microsoft Gold Partner in New 
England. Chris has more than 20 
years’ experience in financial services 
technology at State Street, Santander, 
GMO and John Hancock/Manulife. A 
frequent speaker at conferences nationwide, he’s the 
author of the “SharePoint 2010 Consultant’s Handbook— 
A Field Guide to Managed Metadata Services," and the 
popular Microknowledge blog (blogs.kma-llc.net/ 
microknowledge). Chris holds an MBA from the Carroll 
School of Management at Boston College in Investment 
Management and Corporate Finance, and is a Microsoft 
MSA, VTSP, MCSE and MCTS. 

Michael Noel MVP 

Michael is an internationally recog¬ 
nized technology expert, best-selling 
author and a well-known public speak¬ 
er on a broad range of IT topics. He 
has written several major bestselling 
industry books that have been trans¬ 
lated into more than a dozen languages. Significant titles 
include “Microsoft SharePoint 2007 Unleashed” and 
“Sams Teach Yourself SharePoint 2007 in 10 Minutes.” 
Michael is a consultant with Convergent Consulting, locat¬ 
ed in the San Francisco Bay Area. 


Eric Riz 

Eric is the Executive Vice President of 
Concatenate, Inc., a software firm 
focused on maximizing SharePoint 
through product innovation and sys¬ 
tems integration based in Toronto, 
Canada. He has worked with many 
Fortune 500 companies on their business productivity 
architecture and deployment plans to ensure they maxi¬ 
mize the benefits of Microsoft technologies and success¬ 
fully deploy their SharePoint-based solutions. Eric is a fre¬ 
quent contributor to the SPTech Report and cmswire.com. 
You can find his blog at www.ericriz.com. 

Laura Rogers MVP 

Laura is a Senior SharePoint 
Consultant at SharePoint911 and was 
recently recognized as a SharePoint 
MVP. She has six years of experience 
in SharePoint implementation, training, 
customization and administration, and 
has been a MCSE since 2000. Her focus is on making the 
most of SharePoint’s out-of-the-box capabilities. She 
works extensively with SharePoint Designer workflows, 
InfoPath and Data View Web Parts. Laura’s latest book on 
SharePoint 2010 is “Beginning SharePoint 2010: Building 
Business Solutions with SharePoint.” Her blog is 
www.sharepoint911 .com/blogs/laura. 







Ted Pattison 

Ted is an author, instructor and co¬ 
founder of Critical Path Training, a 
company dedicated to education on 
SharePoint technologies. For the last 
six years, Ted has worked with 



John Ross MVP 

John has more than eight years of 
experience implementing solutions for 
clients, ranging from small businesses 
to Fortune 500 companies, as well as 
government organizations. He has 


Check the website for more classes and speakers! 

















worked with all project phases from analysis to implemen¬ 
tation, and has been involved with a wide range of 
SharePoint solutions that include public-facing Internet 
sites, corporate intranets, and extranets. He is co-author 
of the book “MOSS Explained: An Information Worker’s 
Deep Dive into Microsoft Office SharePoint Server 2007,” 
and was a contributing author to “Professional SharePoint 
2007 Design.” You can visit John's blog at www 
.sharepoint911 .com/blogs/john. 

a Peter Serzo 

Peter is a published author of the 
“SharePoint 2010 Administration 
Cookbook," a founder of the 
SouthEastern SharePoint group, 
speaker, and works for High Monkey 
Consulting as a SharePoint Architect. 
Peter has been in the IT industry for 20 years. He has 
extensive experience with SharePoint implementing busi¬ 
ness solutions for several enterprise organizations over 
the past seven years. 

Using a varied background, including a degree in 
English, Peter brings a fresh perspective to each 
engagement. Each session he presents is told in story 
mode in order to engage and educate. This type of com¬ 
munications presents SharePoint technology in an under- 


Eric Shupps MVP 

Eric is a SharePoint Server MVP, and 
the founder and president of 
BinaryWave, a global provider of 
SharePoint managed services. Eric 
has worked with SharePoint products 
and technologies since 2001 as a 
consultant, administrator, architect, developer and trainer. 
He is also a sponsor of the Dallas/Ft. Worth SharePoint 
Community group, participating member of the UK 
SharePoint User Group, and president of the International 
SharePoint Professionals Association. 

Eric has authored numerous articles on SharePoint, 
speaks at user groups and conferences around the 
world, and publishes a popular SharePoint blog at 
www.sharepointcowboy.com. 


standable format. 



Heather Solomon 

Heather is a Web designer with more 
than 10 years of experience designing 
and deploying online applications and 
sites. Specializing in SharePoint 
branding, layout and usability, she has 
extensive experience with SharePoint 
technologies and Web-content management. Heather is 
the director of Creative Services and senior trainer at 
SharePoint Experts, and delivers training, branding and 
consulting services to help corporations maximize 
SharePoint’s potential. She authored and teaches the 
“SharePoint Branding Bootcamp.” Considered by many to 
be THE industry expert in SharePoint branding, Heather 
shares her knowledge in a laid-back way and knows how 
to make SharePoint look like anything but SharePoint! 




Paul Swider 

Paul is an Enterprise SharePoint 
Architect for OnClick Solutions. With 
over 15 years of software consulting 
experience, Paul has trained thou¬ 
sands of students, developers and 
architects. Paul’s specialties include 
enterprise SharePoint deployment and development, .NET 
development, SQL Server, Business Intelligence, BizTalk 


Server 2006, and Windows Workflow Foundation. 

Sadie Van Buren 

Sadie is a Senior Software Engineer at 
W \ BlueMetal Architects, based in 
AS 1 Watertown, Mass. She designs Share- 
ML/"/ Point solutions and leads deployments, 
with a strong focus on strategy, usabil- 
ity, information architecture, and busi¬ 
ness process improvement. Sadie has a Bachelor’s degree 
from Wesleyan University and a Certification in Project 
Management from Boston University, and is a Microsoft 
Certified Technology Specialist. 

She is a member of the Boston Area SharePoint User 
Group, the Boston Knowledge Management Forum and 
the Boston chapter of SIKM (System Integrator 
Knowledge Managers). She is the creator of the 
SharePoint Maturity Model, and blogs about SharePoint 
and technology at amatterofdegree.typepad.com. 

Christina Wheeler 

Based in Philadelphia, Pa, Christina is 
a SharePoint Trainer for Mindsharp 
and founder of CM Portal Solutions, 
LLC. She is a highly respected 
SharePoint consultant who is extreme¬ 
ly active in the SharePoint community. 
With over 10 years of experience in the industry, Christina 
has knowledge in graphic design, Web development and 
custom development with her work primarily targeted 
toward educational and financial institutions. 

As a trainer, Christina brings her real-world experience 
to the classroom. Christina was the Tech Editor of 
“SharePoint 2007 Developer’s Guide to Business Data 
Catalog” and continues to edit books for various publish¬ 
ers and authors. She enjoys contributing articles to tech¬ 
nical websites and often speaks at SharePoint community 
events and conferences. 

Rob Windsor MVP 

Rob is a developer, trainer, writer and 
Senior Consultant with ObjectSharp 
Consultin—a Microsoft Gold Partner 
based in Toronto, Canada. He has 
over 15 years’ experience developing 
rich-client and Web applications with 
Delphi, VB, C# and VB.NET, and is currently spending a 
majority of his time working with SharePoint. Rob is a 
member of the INETA Speakers Bureau and is a regular 
speaker at conferences, code camps, and user groups 
across North America and Europe. 

He also regularly contributes articles and videos to 
MSDN, TechNet, and the Pluralsight On-Demand library, 
and is the co-author of "Professional Visual Basic 2010 
and .NET." Rob is President of the Toronto Visual Basic 
User Group and has been recognized as a Microsoft Most 
Valuable Professional for his involvement in the developer 
community. 




Shane Young MVP 

Shane is president and principal con¬ 
sultant at SharePoint911, with more 
than 13 years of experience architect¬ 
ing and administering large-scale 
server farms using Microsoft enter¬ 
prise technologies. He has been rec¬ 
ognized by Microsoft as an authority on SharePoint and 
is among an elite group of SharePoint MVPs. Shane has 
written three SharePoint 2007 books and maintains the 
popular SharePoint Farmer’s Almanac at msmvps.com/ 
blogs/shane. 



Hotel 

Information 

Hilton San Francisco Union Square 

333 O'Farrell Street 
San Francisco, CA 94102 
Phone: +1-415-771-1400 
Fax: +1-415-771-6807 
www.hiltonsanfranciscohotel.com 



Reservations 

Special discounted room rates for SPTechCon 
attendees are US$209 per night for single/ 
double occupancy. This rate is available from 
February 24, 2012 (check-in) through March 1, 
2012 (check-out). 

Rooms for the reduced rate are limited and 
are available on a first-come, first-serve basis. 

Visit http://sptechcon.com/sfhotel to make 
your hotel reservation, or use the “Make Hotel 
Reservation” option on the confirmation page 
of your registration. 

This rate is available throughout the duration of 
the SPTechCon conference. Those who 
reserve their hotel rooms via this reservation 
link (our room block) will receive: 

• Complimentary wireless Internet service in 
their rooms. 

• 25% discount off of parking fees for valet 
and self parking. Parking spaces are avail¬ 
able on a first come, first served basis. 

Hotel Highlights 

Discover the grandest of San Francisco Union 
Square hotels—Hilton San Francisco Union 
Square. With an ideal location, just steps from 
Union Square, this superb San Francisco hotel 
is just a short stroll or cab ride from virtually 
everything to see and do in the City by the Bay. 

• Located in the heart of San Francisco, within 
walking distance to famous sights like China¬ 
town, Nob Hill, the Cable Cars, shopping, 
dining, and much more 

• Just blocks from the Powell Street Station on 
the BART transit line 

• Steps to the Theatre District and farmers’ 
market 

• Only 13 miles from San Francisco 
International Airport (SFO) and 13 miles from 
Oakland International Airport (OAK) 


Register early—this conference will sell out! 
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SPTechCon 

The SharePoint 
Technology Conference 

BZ Media LLC 



7 High Street 
Suite 407 

Huntington, NY 11743 


Register Online TODAY at www.sptechcon.com! 


REGISTRATION INCLUSIONS 

Full Event Passport PLUS 

CONFERENCE PRICING 

Register By 

NOV. 4 

DEC. 16 

JAN.13 

FEB. 10 

After 
FEB. 10 

Pre-Conference Workshops 
Registration Includes: 

Admission to pre-conference workshops 
Admission to sessions and technical classes 

Full Event Passport PLUS 
Pre-Conference Workshops 

Feb. 26-29, 2012 

$1,495 

Save 

$500! 

$1,545 

Save 

$450! 

$1,595 

Save 

$400! 

$1,695 

Save 

$300! 

$1,995 

Admission to keynotes 

Admission to Exhibit Hall 

Admission to special events, including 
the Attendee Reception 

Continental breakfast, coffee breaks and 
lunch where indicated 

Full Event Passport Only 

Feb. 27-29, 2012 

$1,095 

$1,145 

$1,195 

$1,295 

$1,595 

Pre-Conference 

Workshops Only 

Feb. 26, 2012 

$595 

$645 

$695 

$745 

$795 

Full Event Passport Only 
Registration Includes: 

Admission to sessions and technical classes 

Exhibit Hall Only 

Feb. 28-29, 2012 

FREE 

FREE 

FREE 

FREE $50 

All prices are in US$. 


Admission to keynotes 
Admission to Exhibit Hall 
Admission to special events, including 
the Attendee Reception 
Continental breakfast, coffee breaks and 
lunch where indicated 

Pre-Conference Workshops Only 
Registration Includes: 

Admission to pre-conference workshops 
Continental breakfast, coffee breaks and 
lunch where indicated 

Exhibit Hall Only Registration 
Includes: 

Admission to Exhibit Hall 
Admission to Attendee Reception 


“It’s a great event to 
attend, whether you are 
a power user or 
SharePoint expert.” 

—Jason Goodman, Newtork Admin, 
Finley & Cook, PLLC 


HOW TO REGISTER 

Register online and use one of the following 
payment methods: 

Credit Card. You can use the secure online form to pay via credit 
card and get immediate confirmation of your registration. Master- 
Card, Visa and American Express are accepted. You’ll receive 
a registration record and receipt. Please print out these pages 
and bring them with you to the Conference. Present them at the 
Registration Desk to pick up your badge and course materials. 

Check. Fill out the online registration form. Print out the 
registration record and receipt and mail to BZ Media LLC, 

7 High Street, Suite 407, Huntington, NY 11743, with your 
payment. Online registrations that are mailed without payment 
will not be confirmed until payment is received. 

Purchase Order. If you register using a P.O., you’ll be invoiced 
immediately for the registration amount. Payment must be 
received before your registration can be confirmed. 

SPECIAL DISCOUNTS 

You may combine one of these special discounts with the 
Early Registration pricing to save even more! All discounts 
can be applied to both the Full Event Passport and the 
Full Event Passport PLUS. 

Alumni. Have you attended any of BZ Media’s previous 
SharePoint Technology Conferences? If so, you’re eligible 
for a $100 alumni discount. Enter the code ALUMNI in the 
discount code field. 


Group. Get an additional $100 off per person if you register 
three or more people from one company. Use the “Add another 
person” option during the online registration process. 

Government. Federal, State and Local Government employees 
can receive an additional $100 off. Enter code GOV in the 
discount code field. 

Educational Institutions. Personnel employed by or attending 
educational institutions can get a $100 discount by using the 
code EDU. 

User Groups. Contact Whitney Grekin, wgrekin@bzmedia.com 
or +1-631-421-4158 xl03, to see if your group is eligible for 
a discount. 

Non-Profit Organizations. Personnel employed by non-profit 
organizations can get a $100 discount by using the code 
NONPROFIT. 

CANCELLATION & REFUND POLICY 

You can receive a full refund, less a $150 registration fee, 
for cancellations made by Friday, January 13, 2012. 
Cancellations after this date are non-refundable. Send your 
cancellation in writing to registration@bzmedia.com. 
Registrations may be transferred to another person. 

QUESTIONS 

Contact Stacy Burris, Event Director at 
sburris@bzmedia.com or +1-631-421-4158 xl08. 











